Re: Unable to verify the referrer address. Please go back and try again. on 2.0.17

Started by justinbowser, October 12, 2020, 01:48:50 PM

Previous topic - Next topic

justinbowser

Not trying to hijack thread but I am also getting this message since day one with user=guest...

https://bmwr65.org/smf/index.php?action=login2
Unable to verify referring url. Please go back and try again.
Type of error: User

justinbowser

I had originally thought these might be generated by random bots trying to register on the forum but it has now happened to me!  i am up in the mountains using my phone hot-spot and when I try to log in as admin I get this message.

I am not getting to the forum by any "referred" side just typing "https://www.bmwr65.org"

What do I do?  I log in fine from home...

lurkalot

Quote from: justinbowser on October 19, 2020, 05:21:05 PM
I had originally thought these might be generated by random bots trying to register on the forum but it has now happened to me!  i am up in the mountains using my phone hot-spot and when I try to log in as admin I get this message.

I am not getting to the forum by any "referred" side just typing "https://www.bmwr65.org"

What do I do?  I log in fine from home...

Seems to me, hitting your site with this url, without the www  https://bmwr65.org/smf/index.php will help.  Your login url removes the www

If I visit your site using the url you gave above "https://www.bmwr65.org" clicking the login gives me the error you are seeing.

justinbowser

lurk - Thanks a bunch!  I have a hard time wrapping my tiny brain around why this would kame any difference but I appreciate the help.

Kindred

it makes a difference because -- technically they are two different addresses.

https://bmwr65.org is your site
https://www.bmwr65.org is TECHNICALLY a subdomain of your site. It just so happens that the www subdomain normally points to the same location as the url without the www.

to fix this, add a redirect to your htaccess which automatically forces people to the non-www version of the url.

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."


justinbowser

Kindred - thank you for the explanation.

Dzonney - Thanks, I will try to incorporate that into my .htaccess when I get back to civilization.  I'll need to look closely at my current .htaccess as it contains the redirect to the smf installation and tweaks to force https:.

justinbowser

Dzonney - Here is my current .htacess filw.  It contains the redirect to the smf forum as well as forcing https:  Do I just add your code to the end of it, or what?

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTP_HOST} ^bmwr65\.org$ [OR]
RewriteCond %{HTTP_HOST} ^www\.bmwr65\.org$
RewriteRule ^/?$ "https\:\/\/www\.bmwr65\.org\/smf\/index\.php" [R=301,L]


Thanks!

Kindred

Replace what you have with this



<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
    RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
</IfModule>


Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

justinbowser

Kindred - Thank you.  I replaced my .htaccess with this and we'll see if the errors go away.  I was at least able to log on at https://www.bmwr65.org!

justinbowser

Kindred - My hat's off to you, no further errors since this change!  8)

Thank you!

justinbowser

Kindred - I think we can put a fork in this issue with your patch!  The .htaccess change still allowed at least one of these errors to occur before I applied your fix, since then no more of this error!!!  ;D ;D ;D

showngo

Digging up an old thread,   If I go into my Error log,  It is all this login 2 error also.

I went to the server, file manager.   
My Question is which htacess file.  I have a few in different locations and some with "." in the beginning and others without.


Thanks a million

Dzonny

The correct one would be with the dot, so ".htaccess" file in the root of your forums directory. You can take a look at it, and see what it has, might be something added previously, or something that the mod required.

showngo

Quote from: Dzonny on January 23, 2021, 03:23:58 PM
The correct one would be with the dot, so ".htaccess" file in the root of your forums directory. You can take a look at it, and see what it has, might be something added previously, or something that the mod required.

# php -- BEGIN cPanel-generated handler, do not edit
# Set the "ea-php73" package as the default "PHP" programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php73 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

#Force HTTPS
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

#Insecure Content
RewriteOptions inherit
RewriteEngine on
Header set content-Security-Policy: upgrade-insecure-requests



That looks like a lot of extra

Dzonny

Noted.

Try to replace it with this:

# php -- BEGIN cPanel-generated handler, do not edit
# Set the "ea-php73" package as the default "PHP" programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php73 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit


<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
    RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
</IfModule>



#Insecure Content
RewriteOptions inherit
RewriteEngine on
Header set content-Security-Policy: upgrade-insecure-requests


If something goes wrong just switch it back to your previous content.
Let us know if that helped though.

showngo

I did the updated file and I could login at the login2 address.   From just overnight I have 40 pages of that error so i will see if there are more (Or at least a lot less) after the time I replaced the file.

I will let everyone know.  later on today when I check the error log.

Advertisement: