Advertisement:

Author Topic: Re: Unable to verify the referrer address. Please go back and try again. on 2.0.17  (Read 1316 times)

Offline justinbowser

  • Semi-Newbie
  • *
  • Posts: 59
Not trying to hijack thread but I am also getting this message since day one with user=guest...

https://bmwr65.org/smf/index.php?action=login2
Unable to verify referring url. Please go back and try again.
Type of error: User

Offline justinbowser

  • Semi-Newbie
  • *
  • Posts: 59
I had originally thought these might be generated by random bots trying to register on the forum but it has now happened to me!  i am up in the mountains using my phone hot-spot and when I try to log in as admin I get this message.

I am not getting to the forum by any "referred" side just typing "https://www.bmwr65.org"

What do I do?  I log in fine from home...

Offline lurkalot

  • Support Specialist
  • SMF Hero
  • *
  • Posts: 1,759
  • Gender: Male
  • Tinyportal Support
    • guitaristguild on Facebook
    • Tinyportal on GitHub
    • @GuitaristGuild on Twitter
    • Guitarist Guild
I had originally thought these might be generated by random bots trying to register on the forum but it has now happened to me!  i am up in the mountains using my phone hot-spot and when I try to log in as admin I get this message.

I am not getting to the forum by any "referred" side just typing "https://www.bmwr65.org"

What do I do?  I log in fine from home...

Seems to me, hitting your site with this url, without the www  https://bmwr65.org/smf/index.php will help.  Your login url removes the www

If I visit your site using the url you gave above "https://www.bmwr65.org" clicking the login gives me the error you are seeing.

Offline justinbowser

  • Semi-Newbie
  • *
  • Posts: 59
lurk - Thanks a bunch!  I have a hard time wrapping my tiny brain around why this would kame any difference but I appreciate the help.

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 60,092
  • Gender: Male
    • Kindred-999 on GitHub
it makes a difference because -- technically they are two different addresses.

https://bmwr65.org is your site
https://www.bmwr65.org is TECHNICALLY a subdomain of your site. It just so happens that the www subdomain normally points to the same location as the url without the www.

to fix this, add a redirect to your htaccess which automatically forces people to the non-www version of the url.

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."


Offline justinbowser

  • Semi-Newbie
  • *
  • Posts: 59
Kindred - thank you for the explanation.

Dzonney - Thanks, I will try to incorporate that into my .htaccess when I get back to civilization.  I'll need to look closely at my current .htaccess as it contains the redirect to the smf installation and tweaks to force https:.

Offline justinbowser

  • Semi-Newbie
  • *
  • Posts: 59
Dzonney - Here is my current .htacess filw.  It contains the redirect to the smf forum as well as forcing https:  Do I just add your code to the end of it, or what?

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTP_HOST} ^bmwr65\.org$ [OR]
RewriteCond %{HTTP_HOST} ^www\.bmwr65\.org$
RewriteRule ^/?$ "https\:\/\/www\.bmwr65\.org\/smf\/index\.php" [R=301,L]


Thanks!

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 60,092
  • Gender: Male
    • Kindred-999 on GitHub
Replace what you have with this

Code: [Select]

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
    RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
</IfModule>

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Offline justinbowser

  • Semi-Newbie
  • *
  • Posts: 59
Kindred - Thank you.  I replaced my .htaccess with this and we'll see if the errors go away.  I was at least able to log on at https://www.bmwr65.org!

Offline justinbowser

  • Semi-Newbie
  • *
  • Posts: 59
Kindred - My hat's off to you, no further errors since this change!  8)

Thank you!

Offline justinbowser

  • Semi-Newbie
  • *
  • Posts: 59
Kindred - I think we can put a fork in this issue with your patch!  The .htaccess change still allowed at least one of these errors to occur before I applied your fix, since then no more of this error!!!  ;D ;D ;D

Offline showngo

  • Jr. Member
  • **
  • Posts: 195
Digging up an old thread,   If I go into my Error log,  It is all this login 2 error also.

I went to the server, file manager.   
My Question is which htacess file.  I have a few in different locations and some with "." in the beginning and others without.


Thanks a million

Offline Dzonny

  • Localizer
  • SMF Super Hero
  • *
  • Posts: 12,522
  • Gender: Male
  • No sleep...
    • dzontra.nikola on Facebook
    • Dzonny on GitHub
    • dzontranikola on LinkedIn
    • @opusteniforum on Twitter
    • Samo opusteno
The correct one would be with the dot, so ".htaccess" file in the root of your forums directory. You can take a look at it, and see what it has, might be something added previously, or something that the mod required.

Offline showngo

  • Jr. Member
  • **
  • Posts: 195
The correct one would be with the dot, so ".htaccess" file in the root of your forums directory. You can take a look at it, and see what it has, might be something added previously, or something that the mod required.

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php73” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php73 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

#Force HTTPS
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

#Insecure Content
RewriteOptions inherit
RewriteEngine on
Header set content-Security-Policy: upgrade-insecure-requests



That looks like a lot of extra

Offline Dzonny

  • Localizer
  • SMF Super Hero
  • *
  • Posts: 12,522
  • Gender: Male
  • No sleep...
    • dzontra.nikola on Facebook
    • Dzonny on GitHub
    • dzontranikola on LinkedIn
    • @opusteniforum on Twitter
    • Samo opusteno
Noted.

Try to replace it with this:
Code: [Select]
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php73” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php73 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit


<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
    RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
</IfModule>



#Insecure Content
RewriteOptions inherit
RewriteEngine on
Header set content-Security-Policy: upgrade-insecure-requests

If something goes wrong just switch it back to your previous content.
Let us know if that helped though.

Offline showngo

  • Jr. Member
  • **
  • Posts: 195
I did the updated file and I could login at the login2 address.   From just overnight I have 40 pages of that error so i will see if there are more (Or at least a lot less) after the time I replaced the file.

I will let everyone know.  later on today when I check the error log.