Upgraded PHP Nuke 7.6 from 2.9 to 3.1 and now myself and several others get this message when trying to login or post something on the site.
Warning: your browser doesn't send the HTTP_REFERER header to the website.
This can be caused due to your browser, using a proxy server or your firewall.
Please change browser or turn off the use of a proxy
or turn off the 'Deny servers to trace web browsing' in your firewall
and you shouldn't have problems when sending a POST on this website.
Others do not get this error and it seems the people who do get the error are using some kind of firewall.
Yesterday I implemented the 3.1 upgrade for phpnuke 7.6 and have had a couple of users notify me of this issue. In trying to research this all responses to these questions are "disable your firewall" or "allow for http_refs" but I am wondering if there are any other work-arounds for this?
Was this implemented to provide additional features to phpnuke, security concerns, or both? Is there any way to disable this and by doing so, how severe are the consequences? What features will be lost and/or security holes opened?
On a side note, with everyone mentioning this started as soon as they upgraded to v3.1 I cannot honestly say if it was upgrading to v3.1 that caused this or upgrading bbtonuke to version 2.0.17 as both of these were performed yesterday...
I had this same problem with 7.7. I have worked out it is the firewall that is causing the problem, and I too wondered if there was a way around this. I don't want to have to tell all my users individually how to configure their firewalls! For one, I wouldn't know myself how they are configured.
On a side note, with everyone mentioning this started as soon as they upgraded to v3.1 I cannot honestly say if it was upgrading to v3.1 that caused this or upgrading bbtonuke to version 2.0.17 as both of these were performed yesterday...
I also installed bbtonuke 2.0.17 on the same day I installed 3.1
I had to permit information about visited sites in my firewall (Norton Internet Security) so that it would work.
It would be nice if there was a workaround for this since this is the only site I have this problem with.
This is still a major problem for my site, with locking certain people out. I didn't run any patches for the phpbb forum. I merely ran the 3.1 upgrade script. If I had protector and sentinel installed, would the edits in mainfile.php still be a great security risk? I can't really afford to tell everyone how to configure their firewalls.
Edit: I have found the code to comment out in mainfile.php (I think anyway). But I would still like to know the security implications of this if anyone knows.
I'm having exactly the same problems, with many users complaining of the above with the 3.1 patch installed. Asking them to change their Firewalls is, unfortunately, unrealistic as either they wouldn't bother (and not return) - or they simply can't because they don't have access to the Firewall settings themselves.
Please could you post here how to nullify this so it was as before the 3.1 patch was installed.
Will NukeSentinel still work with the above nullified?
This is affecting a significant number of users in the past 24 hours alone.
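// Referer check applied to every POST request (mainfile.php)
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    if (isset($_SERVER['HTTP_REFERER'])) {
        // Reject the POST when the Referer does not contain this site's host name
        if (!stripos_clone($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
            die('Posting from another server not allowed!');
        }
    } else {
        // No Referer header was sent: stop and show the warning text
        die($posttags);
    }
}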
Note: this may make your site more vulnerable to hackers, use at your own risk
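As an added example (not from the thread and not PHP-Nuke's own code): one way to keep protection against cross-site POSTs without locking out visitors whose firewall strips the Referer is to compare the Referer host exactly when the header is present and to require a per-session form token in every case. The function names, the `csrf_token` field and the `example.org` host are assumptions, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example; all names here are hypothetical, not PHP-Nuke functions.

// Compare the Referer's host exactly, rather than searching the whole URL.
function referer_matches_host(string $referer, string $httpHost): bool
{
    $refHost = parse_url($referer, PHP_URL_HOST);
    if (!is_string($refHost) || $refHost === '') {
        return false;
    }
    // HTTP_HOST may carry a port ("example.org:8080"); compare names only.
    $ownHost = (string) preg_replace('/:\d+$/', '', $httpHost);
    return strtolower($refHost) === strtolower($ownHost);
}

// One random token per session; every form echoes it in a hidden field.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// A present Referer must match the site; a missing one is tolerated.
// The session token is required either way.
function post_allowed(array $server, array $post, array $session): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return true;
    }
    $referer = $server['HTTP_REFERER'] ?? '';
    if ($referer !== '' && !referer_matches_host($referer, $server['HTTP_HOST'] ?? '')) {
        return false;
    }
    $sent = $post['csrf_token'] ?? '';
    $known = $session['csrf_token'] ?? '';
    return is_string($sent) && $known !== '' && hash_equals($known, $sent);
}

// Constructed sample requests; example.org and other.test are placeholders.
$session = [];
$token = csrf_token($session);
$base = ['REQUEST_METHOD' => 'POST', 'HTTP_HOST' => 'example.org'];
$cases = [
    'Referer stripped, valid token' => [$base, ['csrf_token' => $token]],
    'Referer stripped, no token'    => [$base, []],
    'own Referer, valid token'      => [$base + ['HTTP_REFERER' => 'http://example.org/modules.php'], ['csrf_token' => $token]],
    'foreign Referer, valid token'  => [$base + ['HTTP_REFERER' => 'http://other.test/form.html'], ['csrf_token' => $token]],
];
foreach ($cases as $name => [$server, $post]) {
    printf("%-32s %s\n", $name, post_allowed($server, $post, $session) ? 'allowed' : 'blocked');
}
```

In a real site `$session` would be `$_SESSION` after `session_start()`, and each form would include the value returned by `csrf_token()` as a hidden `csrf_token` field.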
I know this is a late reply on a topic but I have the same issue. What is a better way to resolve this? I have never seen this ever in my time using nuke.