Topic: Re: Unable to verify the referrer address. Please go back and try again. on 2.0.17

[justinbowser]

Not trying to hijack thread but I am also getting this message since day one with user=guest...

https://bmwr65.org/smf/index.php?action=login2
Unable to verify referring url. Please go back and try again.
Type of error: User

[justinbowser]

I had originally thought these might be generated by random bots trying to register on the forum but it has now happened to me!  i am up in the mountains using my phone hot-spot and when I try to log in as admin I get this message.

I am not getting to the forum by any "referred" side just typing "https://www.bmwr65.org"

What do I do?  I log in fine from home...

[lurkalot]

I had originally thought these might be generated by random bots trying to register on the forum but it has now happened to me!  i am up in the mountains using my phone hot-spot and when I try to log in as admin I get this message.

I am not getting to the forum by any "referred" side just typing "https://www.bmwr65.org"

What do I do?  I log in fine from home...

Seems to me, hitting your site with this url, without the www  https://bmwr65.org/smf/index.php will help.  Your login url removes the www

If I visit your site using the url you gave above "https://www.bmwr65.org" clicking the login gives me the error you are seeing.

[justinbowser]

lurk - Thanks a bunch!  I have a hard time wrapping my tiny brain around why this would kame any difference but I appreciate the help.

[Kindred]

it makes a difference because -- technically they are two different addresses.

https://bmwr65.org is your site
https://www.bmwr65.org is TECHNICALLY a subdomain of your site. It just so happens that the www subdomain normally points to the same location as the url without the www.

to fix this, add a redirect to your htaccess which automatically forces people to the non-www version of the url.

[Dzonny]

Might be useful though:
https://www.simplemachines.org/community/index.php?topic=575127.msg4070848#msg4070848

[justinbowser]

Kindred - thank you for the explanation.

Dzonney - Thanks, I will try to incorporate that into my .htaccess when I get back to civilization.  I'll need to look closely at my current .htaccess as it contains the redirect to the smf installation and tweaks to force https:.

[justinbowser]

Dzonney - Here is my current .htacess filw.  It contains the redirect to the smf forum as well as forcing https:  Do I just add your code to the end of it, or what?

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTP_HOST} ^bmwr65\.org$ [OR]
RewriteCond %{HTTP_HOST} ^www\.bmwr65\.org$
RewriteRule ^/?$ "https\:\/\/www\.bmwr65\.org\/smf\/index\.php" [R=301,L]

Thanks!

[Kindred]

Replace what you have with this

Code: [Select]


<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
    RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
</IfModule>



[justinbowser]

Kindred - Thank you.  I replaced my .htaccess with this and we'll see if the errors go away.  I was at least able to log on at https://www.bmwr65.org!

[justinbowser]

Kindred - My hat's off to you, no further errors since this change! 

Thank you!

[justinbowser]

Kindred - I think we can put a fork in this issue with your patch!  The .htaccess change still allowed at least one of these errors to occur before I applied your fix, since then no more of this error!!! 

[showngo]

Digging up an old thread,   If I go into my Error log,  It is all this login 2 error also.

I went to the server, file manager.   
My Question is which htacess file.  I have a few in different locations and some with "." in the beginning and others without.


Thanks a million

[Dzonny]

The correct one would be with the dot, so ".htaccess" file in the root of your forums directory. You can take a look at it, and see what it has, might be something added previously, or something that the mod required.

[showngo]

The correct one would be with the dot, so ".htaccess" file in the root of your forums directory. You can take a look at it, and see what it has, might be something added previously, or something that the mod required.

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php73” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php73 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

#Force HTTPS
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

#Insecure Content
RewriteOptions inherit
RewriteEngine on
Header set content-Security-Policy: upgrade-insecure-requests


That looks like a lot of extra

[Dzonny]

Noted.

Try to replace it with this:

Code: [Select]

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php73” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php73 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit


<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
    RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
</IfModule>



#Insecure Content
RewriteOptions inherit
RewriteEngine on
Header set content-Security-Policy: upgrade-insecure-requests

If something goes wrong just switch it back to your previous content.
Let us know if that helped though.

[showngo]

I did the updated file and I could login at the login2 address.   From just overnight I have 40 pages of that error so i will see if there are more (Or at least a lot less) after the time I replaced the file.

I will let everyone know.  later on today when I check the error log.