1
bigzaphod
http referer - the final post!! Why am I being redirected here?
  • 2006/1/22 19:19

  • bigzaphod

  • Just popping in

  • Posts: 25

  • Since: 2005/9/27


OK - I have torn apart these forums looking for answers. Some suggested doing what the error message recommended and turn off firewall protection...are you kidding me? That is a ridiculous notion. My users and I use firewalls for a reason...there is no way I can expect them to turn them off to visit my site. The next question is what is my site doing that they need their firewalls off for?

I have seen a couple of threads offering different options, and for the time being I have turned referer check off. I am not a programmer, for all I know I am leaving my site vulnerable....posting it on here could leave me open to some attack I don't know about. It could cause operation problems, and module malfunction...I don't know. But there has got to bea fix, a 'xoops approved' solution.

Somebody, somwhere, please help me and the other patient XOOPS users with this issue. (the prof, fruityb, allnewtome, and the others that have persisted with posting about this problem). I am getting frustrated and I can only imagine how many webmasters are just as irritated. In addition, I will lose membership over an error message like that. As you know, ease of use will keep people coming back....if they start having problems, they'll just go somewhere else.

Thanks for reading this post - if you can help...I would be very grateful and give you all the credit!

Signed,
frustrated XOOPS lover

2
m0nty
Re: http referer - the final post!! Why am I being redirected here?
  • 2006/1/22 21:18

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


nobody is asking you to disable firewalls.. what they are asking you to do is learn how to use your firewall! and add your site to trusted section and make sure that http headers are NOT blocked!

taken from zone alarm config page: the wording goes something like this:

"blocking this function may stop certain/many websites functioning properly, only block these if you know what you are doing"

thew actual firewall itself is telling you there that blocking headers may stop you accessing websites. so y blame xoops?

xoops relies on header referalls so that it knows where the user is coming from, it uses these legitimately and is added security for your website!! enabling headers in your browser is NOT a big issue and certainly is not a security risk to you.. it's a privacy thing for the PARANOID people outthere who think they are gonna be hacked or stalked by people..

in other words, it's not really a big deal to enable headers, headers are used legitimately by many sites, even the firewall tells you this if you read the instructions.

yes turning it off, is a reduction in security for your site.. but what do you want? a securer site or open it up to certain attacks, (it's a minor thing) or do you want to please every paranoid person outthere who thinks that blocking headers HAS to be done to keep their computers secure..

3
stuie200
Re: http referer - the final post!! Why am I being redirected here?
  • 2006/1/22 21:35

  • stuie200

  • Friend of XOOPS

  • Posts: 161

  • Since: 2004/1/4 2


To further what Monty is saying you may also read this FAQ featured on my site

Click hereto access my information
"I'm as confused as a baby in a topless bar."

4
FruityB
Re: http referer - the final post!! Why am I being redirected here?
  • 2006/1/22 21:36

  • FruityB

  • Not too shy to talk

  • Posts: 161

  • Since: 2005/5/19


with all respect m0nty, a comeback thread like that doesn't really help, I don't think bigzaphod is actually blaming XOOPS but people have to understand that this is a big issue for the people that have it.

m0nty wrote:
Quote:
.... so y blame xoops?


Obviously for the people that are php/xoopsed minded then an issue like this isn't a problem but some, including meself need help... and not much of it has been offered on this subject.
http://www.fruitybids.2babe.com
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
My xoops server is focked! using this for now!

5
FruityB
Re: http referer - the final post!! Why am I being redirected here?
  • 2006/1/22 21:38

  • FruityB

  • Not too shy to talk

  • Posts: 161

  • Since: 2005/5/19


sorry, just to add aswell, I am not using any firewalls, not even a pop up blocker is installed.

I have Internet Explorer 6 and a copy of AVG Anti-virus running.
http://www.fruitybids.2babe.com
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
My xoops server is focked! using this for now!

6
allnewtome
Re: http referer - the final post!! Why am I being redirected here?
  • 2006/1/22 23:58

  • allnewtome

  • Not too shy to talk

  • Posts: 175

  • Since: 2005/11/30


My last post must have been so long that the meaning was lost. If you want a simple way to fix the problem (not involving changing server settings) which I think you are suffering from:

1. Make sure the XOOPS_URL constant in mainfile.php is set to WWW.website.com (i.e. not just website.com)

2. Publicise your website with the WWW in the domain name.

3. Take the user login off the 1st page (as stuie200 has done in the site which he links to above).

Now for the waffle...

Point 3 means that even if someone types in the address WITHOUT the WWW, and if your server does not automatically change it to WWW, by the time they reach log-in they will be on a WWW page anyway (becuase XOOPS_URL affects all internal links).

The problem arises because each user session (or whatever its called) is linked only to either the non-WWW OR the WWW version of the site address. If your server doesn't automatically change it to WWW then this causes confusion. Try logging in and looking at a page only a registered user can see. Then change the URL to the same page but without the WWW. It will think that you aren't logged in anymore.


I'm sure the firewall issue is a valid one too, but from the sounds of it would be a less common area of concern. Anyone who had set their firewall to disable referrer information would probably understand the standard XOOPS error page anyway!!

7
bigzaphod
Re: http referer - the final post!! Why am I being redirected here?
  • 2006/1/23 0:46

  • bigzaphod

  • Just popping in

  • Posts: 25

  • Since: 2005/9/27


Well m0nty, I guess there is a first time for everything. This is the first time I've requested help on XOOPS and had a jerk respond.

I was asking a question that has obviously never been completely answered...that obviously several have had questions about, and that there is no real fix for. As a webmaster I know that asking the average user to modify their firewall settings is going to make my site less likely to get visited.

It seems a fundamental flaw that visiting www.mysite.com vs. mysite.com makes any difference at all. I have tried with no firewall whatsoever, and still had nagging issues. So thanks but no thanks m0nty.

Stuie, thanks for the help, I am going to modify my (why am I here page) to something more resembling your page so that my visitiors will have a better explanation of what's going on.

And fruityb, good luck...doesn't look like we are going to get this 'solved' anytime soon.

8
m0nty
Re: http referer - the final post!! Why am I being redirected here?
  • 2006/1/23 1:43

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


call me what you want.. i don't really care..

you asked why http referrers are used, i kinda explained it is needed and if they are blocked then it's a user problem not a XOOPS problem.. its well known fact that blocking them stops many sites working..

for more info on why referrers are used try searching google..

why there's no fix for it?? well that's because it's not a bug or a flaw. it's a user issue not a XOOPS issue.

as for never being completely answered, guess you should search deeper.. i remember topics about it going back a year or 2 on this site.. and google has a wealth of information..

i just personally think that users who think it's a really big issue to block http headers are being paranoid or they have something to hide.

i gave u the solution.. either do what u have done and disable referrers check or get your users to unblock headers..

and if you have disabled your firewall and still same happens then somethin else is blockin your headers.. check your security settings.. i don't know ur system so i don't know what you use.. either way, there is NO need to disable a firewall if u set it up right in the 1st place.

i have 2 firewalls on my machine and both are functional and both configured correctly. i have no problems whatsoever with headers..

9
bigzaphod
Re: http referer - the final post!! Why am I being redirected here?
  • 2006/1/23 4:54

  • bigzaphod

  • Just popping in

  • Posts: 25

  • Since: 2005/9/27


Then perhaps I misunderstood your post, I recant my previous post and invite you to help me. If you know of anything that commonly blocks header info, please let me know. I am runnning an XP MCE 2005 edition PC, I do have antivirus software,but,I currently have no firewall at all....what is causing this problem.....

10
daranp
Re: http referer - the final post!! Why am I being redirected here?
  • 2006/1/23 14:40

  • daranp

  • Just popping in

  • Posts: 32

  • Since: 2005/5/26


Okay, I realise that it's no big deal to allow these referes but, from the non-technical point of view of the average joe blogs, any such warning or error message is worrying and is likely to mean a lost member to the site.

In addition, many office users do not have access to the company firewall settings - does this mean they are excluded?

That being said, I'm not personally intending to turn mine off (even if I knew how) but, just so's I understand, I'd assumed that the information gets sent to the server, so that the server knows you are a member of the site and then lets you view the page. So if you turn off the http referer, does that mean your site is a free for all and membership is therefore irrelevant. If not, then I've missed the point and don't see why you need the referer in the first place - can somebody please explain?

Now to my actual problem. I am using Norton 2006 and have set it up to allow referal headers etc from my site. From my initial login, I get taken to the "why am I being re-directed here" page. However, this is unesscary as I can then proceed to view all pages and make posts etc. Did I miss something?

Login

Who's Online

207 user(s) are online (142 user(s) are browsing Support Forums)


Members: 0


Guests: 207


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits