UniServer 3.3

[Ric]

When you receive the error message HTTP_REFERER is not localhost. but ''. the security check is working. Disabling the security check by commenting out the offending lines in /home/admin/www/cgi-bin/secure.pm is masking the problem.

 

What is this referrer thing? When you click a link to go to a new Internet page, your browser secretly sends along with the request the domain address of the current page. This is called the 'referrer' among other things it can be used for data logging to find out where a user came from. UniServer uses the referrer to check validly of the domain (localhoast) that can access the admin area.

 

Now depending on your firewall settings the referrer can be filtered out to prevent your last page identity being obtained. This is known as stealth well the bottom line it produces the error message above and prevents access by localhost.

 

The solution is to set your firewall so it does not filter out the referrer for localhost. All firewalls have a different procedure to do this I have listed a few of the common ones:

 

To add insult to injury you may find your browser has been set to prevent sending the referrer. I have also included some of the common browsers.

 

Note: To check if it is a firewall issue disconnect from the Internet and turn your firewall off. Check to see if you still get the error message. If you do it is most likely a browser issue and not a firewall problem.

 

Common firewalls:

 

Norton Personal

 

To Create a Rule

Open Norton Internet Security or Norton Personal Firewall and choose one of the following:

 

In Norton Internet Security/Norton Personal Firewall 2003

 

1. Click Options > Internet Security or

2. Personal Firewall (This step is not always needed) and click the Web Content tab

 

In Norton Internet Security/Norton Personal Firewall 2004

 

1. Double-click Privacy Control

2. Click Advanced

3. Click Add Site (A new site/domain box appears)

4. Enter the name of the site that you want to receive the referrer information and click OK. In this example, it will be localhoast. The site name appears in the left frame of the Options window.

5. Click the name of the new site

6. Click the Global Settings tab

7. In the "Information about visited sites" section, clear "Use default settings"

8. Click Permit

9. Click OK to close the Options window

 

Netbarrier:

 

Go to Privacy > Surf > Information Hiding, and uncheck the "Last Web site visited" box.

 

Sygate Firewall:

 

The free version of this firewall does not block sending referrers.

 

The Pro version:

 

Click Tools > Options > Security

 

Ensure that 'enable stealth mode browsing' is unchecked.

 

Zone Alarm Pro:

 

1) Under Privacy Button on Left, Click on Site List Tab.

2) Right click on "Private Header" column where localhost URL is located. Or click "Add" to add the URL.

3) From the menu, choose Options

4) On the first tab named "Cookies", remove checkmark on "third party cookies - remove private header information"

5) Click OKAY

 

 

McAfee:

 

1. Right-click the red M icon.

2. Click Privacy Service.

3. Click Options.

4. The McAfee Privacy Service window appears. Click Cookies.

5. Enter each website address from which you would like to allow cookies.

6. Click Add.

7. Once completed, close the window

 

Privoxy

 

There is a "+hide-referrer" option that defaults to "forge a url" in the referral header; either disable this option in default.action (-hide-referrer) or simply place your domain in the { fragile } section of user.action. Another option is to exclude your domain from being proxied in your web browser's setings.

 

Common browsers:

 

Internet Explorer 6

This can be done from the computer's Control Panel > Internet Options, or from within the browser Tools > Internet Options.

1) Click Security.

2) Click Trusted Sites then Sites.

3) Add your website address in the box provided and click Add.

4) Uncheck the box that requires https verification.

5) Click the Privacy tab (Medium is an acceptable setting on the slider, but click Sites and again enter your website address)/

6) Now click Allow.

7) Click Apply.

 

Firefox 1.0*

1) Type about:config in the URL address bar.

2) A large collection of alphabetically listed information will appear in the browser window.

3) Search for network.http.sendRefererHeader.

By default, this should be set at 2.

If it is set to 0 - which disables sending referrers - right click it, select Modify and enter 2 as the value.

4) If that doesn't work, try a value of 1

 

Opera

Sending referrers is enabled by default.

If you have disabled it, go to Tools > Preferences > Privacy and re-enable it.

 

One last comment what an excellent piece of work.

[AlleyKat]

And an excellent post.

[olajideolaolorun]

Just like Alleykat said, an excellent post indeed.