PDA

View Full Version : Security Rule Problem



pellmell
09-02-2015, 06:28 AM
When I try to access this forum from my regular computer, I get the following security rule error:

The page you are trying to access is restricted due to a security rule.

If you believe the security rule is affecting the normal operation of your website, contact your host support team and provide detailed instructions how to recreate this error.
They will be able to assist you with rectifying the problem and adjusting the security configuration if needed.

According to Google, it's a site problem, not a computer problem. I would ask whether anyone else is having the problem, but if they are, they're not here. The error pops after after I enter my user name and password on a Windows 7 computer using Chrome, Firefox, or IE.

vlk56pa
09-02-2015, 07:03 AM
I'm not having a problem on my Windows 7 laptop, using Chrome.

stacy-s
09-02-2015, 07:07 AM
I received the same error message (from my iPhone). I tried logging in again, and it was fine.

spoiled_lil_boy
09-02-2015, 07:09 AM
I received the same error message (from my iPhone). I tried logging in again, and it was fine.


Ditto. I got that weird error when I was setting up my username/password, but haven't seen it again since.

pellmell
09-02-2015, 07:47 AM
Strange. I just tried again from the office. The same error popped up. I closed the browser and reopened it to try to create a new account to see where the problem is, and the site opened. Greebo needs to look into the security settings on the forum software.

GertieMcFuzz
09-02-2015, 08:48 AM
Could having multiple sessions be causing the error?

I had the issue when I had logged in via my phone and then when I tried to log in on the computer without having first logged off/closed my phone session.

pellmell
09-02-2015, 09:55 AM
Maybe, but if so, that's a stupid error message. Other software (vBulletin, phpBB) are not afflicted with that flaw.

Securityblanket
09-02-2015, 11:14 AM
Most likely it is due to still having an active session on another device. I just tried to login at work & got that message, which prompted me to remember that at home I logged in for the day. The drop down menu gives options and since I was posting I wanted to insure I didn't loose the post due to getting logged out of my session. So now I guess I am going home for lunch. ;D

SueandTom
09-02-2015, 11:19 AM
I hope we can be logged on with more than one device at a time- I tend to float from desktop to Fire most of the day.

Thomas.
09-02-2015, 11:34 AM
I am switching back and forth using Safari on MacBook Air and iPhone without problems.

holdingpatternx1
09-02-2015, 10:53 PM
I only got the error for the Visitors Corner.

financial_mom
09-03-2015, 12:07 AM
I received the same error message (from my iPhone). I tried logging in again, and it was fine.


Ditto. I got that weird error when I was setting up my username/password, but haven't seen it again since.


me too

lexnaturalis
09-03-2015, 09:32 AM
I got the error when logging in from my phone, but I just reloading the main page and it worked fine. I also got it once when initially logging in. I think there must be a weird redirect issue in certain cases when entering/updating your password.

EvilGreebo
09-03-2015, 09:42 AM
I've gotten occasional reports of this - one person reported that the issue went away when they stopped trying to log in 'forever' and instead logged in for 24 hours.

lexnaturalis
09-03-2015, 03:54 PM
If I get it again I'll make sure to save the URL (because it's a security-related URL with a hash in it) to see if there's some edge cases triggering the problem.

EvilGreebo
10-02-2015, 06:44 AM
Old thread, but cracked it.

Links with apostrophes (') or encoded apostrophes (%27) are automatically blocked by siteground.

It's a protection against SQL Injection attacks. Nice extra filter there for users running inept software but we're safe, so I'll ask them to disable it.

You will see it if you have a link like (DON'T CLICK THESE, THEY'RE EXAMPLES!!!)://www.debtfreefanatics.com/showthread.php?2497-C-is-for-cookie&highlight=won%27t
or
http://www.debtfreefanatics.com/showthread.php?2497-C-is-for-cookie&highlight=won't

because the apostrophe (encoded or not) can be a precursor to a hacking attempt.

I'm going to ask our host, siteground, to disable the protection.

EvilGreebo
10-02-2015, 07:09 AM
Siteground cleared the security restriction in our .htaccess file

I really need to learn about those.

Course I'm still IP blocked from my home PC... lol