smartfaq
SmartFAQ is developed by The SmartFactory (http://www.smartfactory.ca), a division of InBox Solutions (http://www.inboxsolutions.net)

Why am I having problems logging in and posting when my firewall is on?
Requested and Answered by Webmaster on 2004/5/10 4:05:41 (24899 reads)
Firewalls prevent unauthorised data being transferred from and to your computer. This effects data between applications connecting websites. Usually firewall users can "allow" permitted applications to transfer data and set various levels of security.

For example, XOOPS sites use the HTTP_REFERRER information to check if you're logged into the website. Some firewalls (most notably software firewalls such as Norton and ZoneAlarm) block this information being sent to the server. This could prevent you from logging into the XOOPS site. Typically this becomes evident when you log into the website, the login is confirmed, and you still see the 'login' box on the page, and you're not logged in at all.
The solution is to add the XOOPS site you're trying to log into to the Trusted Sites list of your firewall application.


The comments are owned by the author. We aren't responsible for their content.
  • Module Developer

 More details...

T-tech posted this very helpful information in the forums on Aug 4 2004:

For security reasons, when you post a reply etc, the site checks that you have actually come from a page on the forum using what is called a HTTP_REFERER. This ensures that database entries can only come from the right page, and stops any external scripts (and would-be-if-they-could-be hackers)from entering info from souces OTHER than the forum reply page itself.

Unfortunately, some firewall and web filtering software, such as some versions of Zone Alarm, block HTTP_REFERER's by default.


# Disable WebWasher Standard Filter/URL Filter
# Disable any "ad blocking" software
# Disable any Pop-up blockers
----------------------------------------------------------
Zone Alarm Pro:

1. Click Privacy
2. Click Cookie Control
3. Click Custom
4. Uncheck "remove private header information"
----------------------------------------------------------
Windows XP's Internal Firewall

1. Open XP's Control Panel
2. Double-click Networking and Internet Connections
3. Select Network Connections
4. Right-click on the connection to disable, then select Properties
5. On the Advanced tab, clear the Protect my computer or network checkbox
6. Press OK
----------------------------------------------------------
Norton Internet Security 2002 (or earlier)

1. Open NIS or NPF.
2. Click Options.
3. Click Internet Security or Personal Firewall. (This step is not always needed.) The Options window appears.
4. Click Advanced Options.
5. Click the Web tab.
6. Click Add Site. A new site/domain box appears.
7. Enter www.88wp.com and click OK. The site name now appears in the left frame of the Advanced Options window.
8. Click the name of the new site.
9. Click the Privacy tab.
10. Check the "Use these rules for..." box.
11. Change the Referrer from "Block" to "Permit."
12. Click Apply, and then click OK.
13. Click OK to close the Options window.
----------------------------------------------------------
Norton Internet Security 2003/2004

1. Open NIS or NPF.
2. Do one of the following.
* In NIS/NPF 2003, click Options > Internet Security or Personal Firewall (This step is not always needed), and then click the Web Content tab.
* In NIS/NPF 2004, double-click Privacy Control, and then click Advanced.
3. Click Add Site. A new site/domain box appears.
4. Enter www.88wp.com and click OK. The site name now appears in the left frame of the Options window.
5. Click the name of the new site.
6. Click the Global Settings tab.
7. In the "Information about visited sites" section, clear "Use default settings."
8. Click Permit.
9. Click OK to close the Options window.
----------------------------------------------------------
Techincal Information about HTTP_REFERER's

(for the geeks who care)

When you click a Web page, your browser notes the current page that you are on and sends that information to the server of the new Web page. This way, the server for the new Web page knows the last Web page that you viewed.

For example, if you are on www.symantec.com and click www.microsoft.com , the browser sends www.microsoft.com the information that you are currently viewing www.symantec.com. If you block referrer information, the server of the page you are requesting to see does not know what page you saw last. By default, Norton Internet Security (NIS) and Norton Personal Firewall (NPF) block this information. Some Web sites require this information before they allow you to see their pages.

---------

I'll add that from a security perspective, if your modules are properly checking the validity of the variables they are receiving from the user, not relying on variables in the URL for sensitive info, etc, then your security issues are minimized. But there is no question that disabling the referrer check reduces the overall level of security on the site.

It's up to you how much of a compromise this is, given the modules you're using and how you're using them.

--Julian

 
  • XOOPS is my life!

 Re: More details...

kgmetcalfe reports a change in Norton 2005

norton 2005 has a little change in it... one that they didnt bother to let us ( the public - not in their manual) know about:

Steps:
privacy control - click on configure - choose custom level - uncheck browser privacy - click ok. end of freaking problem.