Warning: your browser doesn't send HTTP_REFERER ?

[LABAY]

Warning: your browser doesn't send the HTTP_REFERER header to the website. This can be caused due to your browser, using a proxy server or your firewall. Please change browser or turn off the use of a proxy or turn off the 'Deny servers to trace web browsing' in your firewall and you shouldn't have problems when sending a POST on this website."

I get this when I access a cetain website using PCP. In order to correct this, I'm supposed to tweak my Mozilla which specifies direct conn to internet and Zonealarm that specifies URL as "trusted".

All the problems are on the URL end. What can webmaster do to avoid this for users like me? Without my having to tweak? Is there a solution?

-LABay

 

[jpadie]

the website does not need httP_referrer information. it is using it to track you and provide some measure of access control.

 

[LABAY]

Jpadie, thanks for your comment.

But what do I tell the webmaster to do to avoid it?

-Larry

 

[jpadie]

to stop checking for the presence of the HTTP_REFERER!

 

[LABAY]

jpadie - do you agree with this? It's beyond my competance. This is what the webmaster tells me after I told him you said to turn it off. As I told him, I have out-of-the-box Mozilla ( latest). I don't have problems anywhere else.

-Labay

Here is what he replied:

"Its nothing I have done , it is just standard internet protocol. I wont
change any code, it may mess the entire thing up. There are over 100,000
sites running the phpnuke system and it has been proven since 2000. It is
run on most community type websites for its simplicity. If there are any
problems it is not something of the system, of the end user. Not checking
for the http referrer will surely open up the website to malicious attacks.
All common web browsers send the referrer unless it has been turned off by
the user."
--

 

[jpadie]

i don't know whether all browsers send the referer by default. certainly IE and FF do. Not all browsers can turn this function off either.

i guess in this day and age it is becoming more common that users like to suppress transmission of their browsing activity.

a well designed security model need not make use of the http_referer variable. but this may require more coding skills than your ISP has. in fact, there is a bug in phpnuke in that the fact that it does use and log http_referer but does not validate it, opens phpnuke to sql injection attacks.

why do you turn off the sending of http_referer information in your browser?

 

[LABAY]

I didn't turn anything off. I'm using v 5.0, as downloaded.

Do you think I should just turn it on and be done with it?

Usually, if it ain't broke, I don't fix it.This is the only site this has ever done this to me.

The ISP is a 16 yr old young fellow, a very sharp member of our amateur radio club. He may lack some experience but he's done a great job on our website.

Appreciate your copmments.

-Larry

 

[jpadie]

i don't know what "v5.0 as downloaded" means.

i don't know what impact on phpnuke would be if you turned off the check. it might well have knock on impacts. you would have to examine the code to take a view.

 

[LABAY]

Sorry!

V5 refers to the Firefox.

I'll have to examine mine to see what's checked.

-Larry

 

[LABAY]

Sorry!

V5 refers to the Firefox.

I'll have to examine mine to see what's checked.

-Larry

PS: Seems I have v 1.8. I'm d/l v 2.something now.

-Larry

 

[jpadie]

i was not aware that FF had a built in function to suppress the sending of http_referer. are you running any extensions?

if not, then i suspect the issue is you are trying to access the site through a deep link rather than the way in which the site wishes you to use it.

 

[LABAY]

Like I said, this is all exceding my competence.

No I am not running any extensions. He suggested some but I feel, if FF works for every other website, it should work on his.

Not sure what a "deep link" is. If it means accessing his site through some other link, I don't think so. At least, nothing I can see. I'll ask. But first, define it for me.

-Larry

 

[jpadie]

do you know what http_referer is?

 

[LABAY]

I don't know. I gather, from something I read, it's sent to the other end and confirms some securty-related function.

I have since d/l and installed v 2.0 (which I think I already was using. No difference.

The website is

http://www.w4iax.com

and it's when you try to log in or register as a member that I run into the problem.

He's sent me a whole lot of info abt how to modify some extension or add-on. It's a lot of info.

The problem is, some other hams have run into the same problem and they say they're just not going to bother with it. These guys definitely are not going to want to get into all that. They know even less than I do, (if that's possible).

My point is what good is a website no one uses. Better to make it easy for everyone.

-Larry