Re: INFO: Bad HTTP_REFERER
This bad referrer message can be due to something as simple as the difference between "http" and "https," which is what was causing it for me. Hope this helps someone.
Noah
https is secure http and unless or even if your webhost supports secure connections it's gonna cause problems.
Is there any good reason securitywise that should prevent me from having o_base_url = domainname.tld and then calling confirm_referrer(''); instead of confirm_referrer('scriptname.php'); in each affected script (or change confirm_referrer() in functions.php to ignore $script)?
I'd like to do this, because I heavily rewrite my URLs in my modded forum version and I'd like to do some admin stuff with the original version as well.
To solve the problem with people using Norton Personal Firewall, configure it:
Privacy Control -> Configure -> Custom level -> Deselect Enable Browser Privacy...
You don't need to disable the entire firewall.. just share a little bit of browsing information... hehe
Is there any good reason securitywise that should prevent me from having o_base_url = domainname.tld and then calling confirm_referrer(''); instead of confirm_referrer('scriptname.php'); in each affected script (or change confirm_referrer() in functions.php to ignore $script)?
Not really. The most important part is the domain check.
Thank you Rickard, this will help me a lot.
I have Norton Security that I just installed on my computer. I am having the
Bad HTTP_REFERER. You were referred to this page from an unauthorized source. If the problem persists please make sure that 'Base URL' is correctly set in Admin/Options and that you are visiting the forum by navigating to that URL. More information regarding the referrer check can be found in the PunBB documentation.
I read the instruction about how to go around it and it didn't work. What am I doing wrong? Should I re-install PunBB? I just don't know! Also, I edited some script in the admin_options and the admin_forums. I am not sure but I think I deleted too much in the admin_forums. Can I get the original script anywhere?
I am using my forums on
http://209.97.203.116/~trueabso/forums/index.php
When I try to change my base url, it won't let me. I have reinstalled the system and everything. It still gives me the bad http_referer error when I try and change it...
What should I set it to, and what should I do to bypass this?
anthem: That means you're using some kind of firewall or software that strips out your HTTP_REFERER. Are you using Norton? In that case, read the first post in this topic.
anthem: That means you're using some kind of firewall or software that strips out your HTTP_REFERER. Are you using Norton? In that case, read the first post in this topic.
I set my firewall to not strip it. I am now using http://northernconflict.net/forums/
Base URL
The complete URL of the forum without trailing slash (i.e. http://www.mydomain.com/forums). This must be correct in order for all admin and moderator features to work. If you get "Bad referer" errors, it's probably incorrect.
I have http://www.northernconflict.net/forums set, yet it still gives me the bad http_referer.
anthem: I've registered in your forums. Could you make me an admin or moderator so that I can check it out myself?
anthem: I've registered in your forums. Could you make me an admin or moderator so that I can check it out myself?
Done.
[edit]
Well, shit... I guess it works now. Must have been the system having some trouble updating.
HTTP_REFERER is a variable that gets filled with whatever is sent in the "Referer" HTTP header. Any hacker with any size of brain can easily spoof this...
How important do you consider this referrer check really?
I've just recently discovered punBB and it really outrulez everything else BTW
I've described the reason for the referrer check earlier in this topic. I am very much aware that anyone can spoof their HTTP_REFERER, but spoofing it wouldn't make any sense. The referrer check is there to protect admins and moderators.
Ah sorry, I must be reading over it again and again. The only thing I can find about it is:
The check is there for a very good reason, trust me :-)
I trust you (for checking my referrer anyway) and was wondering what that very good reason might be. I thought maybe you've put it in there for an even better reason than hacker-blocking...?
Aha. Maybe that was in a different topic.
Without the referrer check, it would be possible for a malicious user to construct a web page somewhere and then trick an admin or a moderator to visit that page. On the page, a hidden form would be posted via JavaScript that posts to a page in the forums (an admin page or maybe someone's profile). It would be easy to e.g. upgrade a user to admin status. However, with the referrer check, this wouldn't be allowed because the forums would check the referrer and notice that the form was posted from somewhere outside the forums.
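The check described in the post above, as an added example that is not part of the original thread and is not PunBB's own confirm_referrer() code: it compares the Referer header with the configured base URL and names the reason for each rejection, including the http/https mismatch and stripped-header cases reported earlier in the thread. The function name check_referrer, the host names and the sample URLs are assumptions made up for the illustration.

```php
<?php
// Added example, not PunBB's own code. $baseUrl stands in for the forum's
// 'Base URL' option; every URL below is a constructed sample value.

/**
 * Compare a Referer header against the configured base URL.
 * Returns 'ok' or a short reason why the request is rejected.
 */
function check_referrer(string $baseUrl, ?string $referer, string $script = ''): string
{
    if ($referer === null || $referer === '') {
        return 'missing';            // header stripped by a firewall or proxy
    }
    $base = parse_url($baseUrl);
    $ref  = parse_url($referer);
    if (!is_array($base) || !is_array($ref) || !isset($base['host'], $ref['host'])) {
        return 'unparseable';
    }
    // Compare parsed components rather than string prefixes, so a host that
    // merely begins with the forum's host name is not accepted.
    if (strtolower($base['scheme'] ?? '') !== strtolower($ref['scheme'] ?? '')) {
        return 'scheme-mismatch';    // http vs https
    }
    if (strtolower($base['host']) !== strtolower($ref['host'])) {
        return 'host-mismatch';      // form was posted from another site
    }
    if (($base['port'] ?? null) !== ($ref['port'] ?? null)) {
        return 'port-mismatch';
    }
    // Path must lie in the forum directory, optionally narrowed to one script.
    $expected = rtrim($base['path'] ?? '', '/') . '/' . $script;
    if (strncmp($ref['path'] ?? '/', $expected, strlen($expected)) !== 0) {
        return 'path-mismatch';
    }
    return 'ok';
}

$base = 'http://forum.example/forums';                   // constructed value
$samples = [
    'http://forum.example/forums/admin_users.php?id=2',  // link inside the forum
    'https://forum.example/forums/admin_users.php',      // http/https difference
    'http://forum.example.other.test/forums/x.php',      // host shares a prefix only
    'http://other.example/page.html',                    // page outside the forum
    '',                                                  // Referer header absent
];
foreach ($samples as $r) {
    printf("%-50s %s\n", $r === '' ? '(no Referer)' : $r, check_referrer($base, $r));
}
```

Leaving $script empty, as in the samples, corresponds to the confirm_referrer('') variant asked about earlier in the thread: the scheme and host comparison still applies, only the per-script narrowing is dropped.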
That is indeed the best reason I've ever heard for implementing a referrer check! Thanks!
Rickard is a clever man!
I think I've tried everything now. The URL checks out, no firewall in the way or proxy and still I get the "Bad HTTP_REFERER" error. I even tried on two different hosts and from two different computers (different ISPs in different cities).
I'm starting to run out of ideas here...
Forum located at: http://www.adjust.nu/forum/
frippz: Earlier in this topic, I recommended a way of modifying the referrer check to print out the two URLs it's trying to compare. Have a look at that and post the results.
3. You are browsing the forum through a proxy or firewall of some sort that is stripping HTTP_REFERER from all requests. Norton Personal Firewall and Kerio Personal Firewall 4 are the only ones I know of so far that strip HTTP_REFERER by default....
Zone alarm 6.06 can join the band
Really? I think that's what I use, and I don't have issues...
I still haven't been able to receive a straight answer as to how stripping out HTTP_REFERER increases security. I guess they call it a "privacy feature". People are too paranoid.
Mmm, updated ZA
Download and test time