INFO: Bad HTTP_REFERER (Page 2 of 8)

it works !

~I understood you mean the option base url of the forum , adding the /FORUM makes it !

thanks for your great help

I've just fixed my error

Just didnt have www. there when it should be.

Unfortunately not. Well, you could disable it manually, but from a security standpoints it's not very good. If you want to, I will show you how. Just say the word.

An easier method is to comment out the code in include/functions.php. I.e. the code in the function confirm_referer. That way you only have to change it in one place.

Im working on the forum at my school !
how can i change anything in the forum, when i dont have a URL to enter ??
im behind a router, so i have only LAN ip..
of caurs i can enter the web ip for the router, but how am i suppse to put it ?? and ARGHH !!

i have only ipadress, no domain..
what to do

plz help

Thanks

I'm having a problem with this as well.

I am using Norton Internet Security, but I have disabled it for my own domains (alinear.net etc.). I am not sure if this 'solves' the problem, but at the same time I don't want to disable it completely just to admin the forums...

I have the base URL set correctly to:
http://www.alinear.net/bbs

I am loggin in by going to the same url (with the www).

No matter what I do ... flush cache... try several different browsers on pc or mac... I get the same http referrer error.

I'd like to disable this protection ... I am not wildly concerned about someone hacking my forums...

So in the 'include' folder, I opened 'functions.php' and cheanged this function like so:

function confirm_referer($script)
{
//    global $pun_config, $lang_common;
//
//    if (!preg_match('#^'.preg_quote($pun_config['o_base_url'].'/'.$script, '#').'#i', $_SERVER['HTTP_REFERER']))
//        message($lang_common['Bad referer']);
}

I commented out the body of the function, leaving it there nulled so whatever calls it won't destory itself somehow.

However I am STILL getting the bad referrer problem!!!?!

I also ran:
http://www.alinear.net/bbs/include/index.html

Assuming maybe this was required in some way?

Is there something I am missing about taking this referrer validation out?

Thanks,
Neil

alinear.net

Sorry I hadn't 'disabled' it per se -- I had 'disabled' it in the browser in the sense that I had it shutting off ad/content filtering.

If I *fully* disable norton (totally shut it down), it works.

But... I'd prefer to not have to do this every time I wanted to mess with the config, at least not while I get the BBS set up initially (will be making frequent small changes and tweaks).

Is there any simple way to temporarily disable the check? I tried commenting out the function (as above) but this does not help -- it still gives me the same issue so long as my firewall isn't disabled.

I'd basically like to disable the check while I get the BBS set up, then put it back when I am done and would likely only change the main config. options infrequently.

Thanks!,
Neil

/ alinear

I set my Base Url to exactly 'forum.nonet.org' - without http:// and it gives me Bad Referer in some admin-operations but not all (Managing categories is one where it gives me bad ref)

In include/functions.php

function confirm_referer($script)
{
    global $pun_config, $lang_common;

    if (!preg_match('#^'.preg_quote($pun_config['o_base_url'].'/'.$script, '#').'#i', $_SERVER['HTTP_REFERER']))
        message($lang_common['Bad referer']);
}

Why not try a substr for http:// or https:// and strip them out of both http-referer and base url if present?

How about a compromise; strip out the http[,s]:// when doing the referer-check?

Or forcibly put in place (checking to see if there is a http or https first naturally) when installing/updating the base url so it will always be there is the user forgets to set it( or doesn't think it's needs to be there ...

Just though i'd shine some light on the matter for future updates.

I go into admin_options like this:
http://waseda.lunarpages.com/~login/pun … ptions.php

BASE URL is set to this:
http://waseda.lunarpages.com/~login/punbb

on submit, i get this:

Bad HTTP_REFERER. You were referred to this page from an unauthorized source. Please go back and try again. If the problem persists please make sure that 'Base URL' is correctly set in Admin/Options and that you are visiting the forum by navigating to that URL.

-Norton firewall is off
-Norton  ad blocking is off
-Using Mozilla 1.6 with cache cleared

anything obvious?  I have read whole thread and can't figure it out.

I would really like to try this as alt to phpBB.

Thanks

I have this problem also when using admin, I copied and replaced code as directed below

hpmod: Hmm. That can't be right. There is no referer check in admin_options.php. However, we can determine why your referer check is failing. Open up include/functions.php and go to line 606. There, replace:

Code:

function confirm_referer($script)
{
    global $pun_config, $lang_common;

    if (!preg_match('#^'.preg_quote($pun_config['o_base_url'].'/'.$script, '#').'#i', $_SERVER['HTTP_REFERER']))
        message($lang_common['Bad referer']);
}

with

Code:

function confirm_referer($script)
{
    global $pun_config, $lang_common;

    dump('"'.$pun_config['o_base_url'].'/'.$script.'"', '"'.$_SERVER['HTTP_REFERER'].'"');
}

And my output is below

"http://branchville-sc.com/punbb-1.1.3/u … gories.php"

"http://www.branchville-sc.com/punbb-1.1 … gories.php"

I have tried every url combination possible , and still cannot find fix

Thanks, That fixed it!