|
Joined: Feb 2001
Posts: 169
Member
|
Member
Joined: Feb 2001
Posts: 169 |
A lot of users reported me this error when they try to post: "The host you are trying to send the input from is not a valid host." We undersand that this is caused by firewall software, disabling it everything works fine, but... some users (and me) wants to know why of this and wich port are affected. This is related to their own security and I would like to give them a clear and right explanation. Can you help me? Thank you !
|
|
|
|
Joined: Nov 2001
Posts: 10,369
I type Like navaho
|
I type Like navaho
Joined: Nov 2001
Posts: 10,369 |
This will help them They can either adjust their firewall settings, or you can turn off the referer check in the config file. If the referer check is on - the posting script needs to see the referer and know that it came from your site. Firewalls block this.
|
|
|
|
Joined: Feb 2001
Posts: 169
Member
|
Member
Joined: Feb 2001
Posts: 169 |
What's bad disabling referer check ?
|
|
|
|
Joined: Nov 2001
Posts: 10,369
I type Like navaho
|
I type Like navaho
Joined: Nov 2001
Posts: 10,369 |
The referer check confirms that the request to post came from your site - and not somewhere else.
|
|
|
|
Joined: Jun 2003
Posts: 1,025
Junior Member
|
Junior Member
Joined: Jun 2003
Posts: 1,025 |
Its to help prevent hotlinking.
|
|
|
|
Joined: Jun 2001
Posts: 3,273
That 70's Guy
|
That 70's Guy
Joined: Jun 2001
Posts: 3,273 |
[] slayer60 said:Its to help prevent hotlinking. [/] Sort of, but not really. Hot linking would include having your graphics be displayed on someone else's site while they remained on your server. Then they are using your bandwidth to display them. The referer checks in .threads only covers pages that have data posted to them. Pages that take in data via GET do not use the referer check. A site could link to your ubbthreads.php page regardless of the referer check setting but they wouldn't be able to post to your addpost.php page if your referer check is on. Rutto: The referer check isn't a complete solution for security but it definately does add to it. If you can educate your users on setting their firewalls correctly I would think that's the way to go. If they are not receptive then disabling the referer check is the next best solution. </2cents>
|
|
|
|
Joined: Feb 2001
Posts: 169
Member
|
Member
Joined: Feb 2001
Posts: 169 |
Ok, it's clear now, I don't mind to block that kind of activities (I don't think anyone will do it !) so I'm going to disable referrer check.
|
|
|
|
Joined: Feb 2001
Posts: 2,268
Junior Member
|
Junior Member
Joined: Feb 2001
Posts: 2,268 |
[]Rutto said: What's bad disabling referer check ? [/]
It's a lame security check designed to verify that the client who is making a request for data is coming from a page on your server. It can prevent someone from spamming your board from another domian.
The referer data in an HTTP GET request is blocked by so many firewall applications and can be easily spoofed, so it's value as a security check is almost useless.
|
|
|
|
Joined: Apr 2002
Posts: 1,768
Addict
|
Addict
Joined: Apr 2002
Posts: 1,768 |
HTTP_REFERER is also used in a couple of places for other purposes:
dopoll.php - for redirecting to the poll results page search.php - for defaulting the search to a specific forum
|
|
|
|
Joined: Feb 2001
Posts: 2,268
Junior Member
|
Junior Member
Joined: Feb 2001
Posts: 2,268 |
Cool. I was just giving a general description of what it is and why it's not much of a big deal.
|
|
|
Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.
Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
|
|
Posts: 70
Joined: January 2007
|
|
Forums63
Topics37,573
Posts293,925
Members13,849
|
Most Online5,166 Sep 15th, 2019
|
|
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
|
|
|
|