Form Mailer Produces Error for Me; Works Fine for Hosting Se

  • tonyb48
  • Born
  • Born
  • tonyb48
  • Posts: 3
  • Loc: California

Post 3+ Months Ago

My first CGI. My Hosting Service generously offers a shared form mailer FormMail 1.6 by Matt Wright. The hosting service edits the @referers upon request. When I use this script in my form I get a "Bad Referrer - Access Denied" message. However, when my hosting service runs my form, it works perfectly. Is there a solution to this?
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • _Leo_
  • Proficient
  • Proficient
  • User avatar
  • Posts: 279
  • Loc: Buenos Aires, Argentina

Post 3+ Months Ago

Your provider must be adding your URL's form to the referrers list. So it should be working if you use the form from the URL added to the list. You won't be able to use the CGI from other form, even the same form under other directory.

Let's say your provider added: http://www.site.com/forms/mail.html

You cannot move the form to other directory than forms nor move it to other server.
  • tonyb48
  • Born
  • Born
  • tonyb48
  • Posts: 3
  • Loc: California

Post 3+ Months Ago

Thanks very much for the quick answer. The hosting service reports that he added tonybarre.com and http://www.tonybarre.com to the referrer list. The form resides at http://www.tonybarre.com/service_form.html. Is it necessary for him to add the detail path or is the domain name sufficient? Thanks
  • _Leo_
  • Proficient
  • Proficient
  • User avatar
  • Posts: 279
  • Loc: Buenos Aires, Argentina

Post 3+ Months Ago

Well, that depends on how the script does the referrer verification. It could be checking just the domain name, in this case it should be working already. If other provider's customers are using the CGI from their own domains, I think your provider knows how to make it work. Ask him for double checking it. You could ask for any error log also, since you can find useful information in an HTTP server error log.

I was thinking: Did your provider test your form? The actual form that is not working.
You said "However, when my hosting service runs my form, it works perfectly." What do you mean by that? Your provider places your form on its own virtual host? Or your provider is testing the script on your page?

For the referrer check to work, your browser MUST send the HTTP "Referrer" field to the server. There are some UGLY browsers and proxies sending invalid referrer fields. Take in count, even if your form starts working, users of such browsers and proxies won't be able to use it.
  • tonyb48
  • Born
  • Born
  • tonyb48
  • Posts: 3
  • Loc: California

Post 3+ Months Ago

Thank you for your thoughtful reply. I think I have the solution & I want to share it since it seems like it will come up for others. I think some firewalls strip out the referer information. All of my testers had just converted to DSL and use the same modem/router that the vendor (2wire) says has a built-in firewall. This firewall has no user interface so I don't know for sure what it does. I found another form mailer at http://nms-cgi.sourceforge.net/scripts.shtml. This mailer claims to be a drop-in superset of the one I was using, but more secure. At the same time, it has an option to disable the referer check. I figured out how to edit the script and load it into my cgi-bin (a first for me, after many "internal server errors" etc.) Now it works. With so many folks using firewalls and getting them from SBC, and with FormMail being so widespread, I imagine this problem will arise again. I hope our interaction will help others.
Tony
  • _Leo_
  • Proficient
  • Proficient
  • User avatar
  • Posts: 279
  • Loc: Buenos Aires, Argentina

Post 3+ Months Ago

You can be sure post like this will help many people out there. Therefore, I will add another hint here.

In order to verify the referer information, the only thing you need is a scripting language. Let's say your site supports PHP. Then you create an HTML file (test1.html) with a link to (test2.php). You fill the PHP file (test2.php) with:
Code: [ Select ]
<?

print("HTTP Referer field: ".$_SERVER['REFERER']);

?>
  1. <?
  2. print("HTTP Referer field: ".$_SERVER['REFERER']);
  3. ?>


You can check this scrip right now here, you should get the whole URL of this page as referer.

Finally, you click on the link to test2.php file from the HTML and you have to get a message like:

HTTP Referer field: http://www.site.com/test1.html

That would be a valid referrer field. Some nasty firewalls and browsers will send:

HTTP Referer field: http://www.avantbrowser.com

Yes, I got that address (http://www.avantbrowser.com) from the statistics page of my web site. Of course, I went to this page thinking they may have added a link to my site. No, they didn't. It seems that avantbrowser users are being used to promote that "freeware" tool.
:)

Post Information

  • Total Posts in this topic: 6 posts
  • Users browsing this forum: No registered users and 128 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.