• NOTICE: This "Forum Navigation Questions" forum is only for asking questions related to navigating this web site. DO NOT post car-related questions here., For car-related questions, use the appropriate marque-related forum.
  • The Roadster Factory Recovery Fund - Friends, as you may have heard, The Roadster Factory, a respected British Car Parts business in PA, suffered a total loss in a fire on Christmas Day. Read about it, discuss or ask questions >> HERE. The Triumph Register of America is sponsoring a fund raiser to help TRF get back on their feet. If you can help, vist >> their GoFundMe page.
  • Hey there Guest!
    If you enjoy BCF and find our forum a useful resource, if you appreciate not having ads pop up all over the place and you want to ensure we can stay online - Please consider supporting with an "optional" low-cost annual subscription.
    **Upgrade Now**
    (PS: Subscribers don't see this UGLY banner)
Tips
Tips

What?

  • Thread starter Deleted member 8987
  • Start date
D

Deleted member 8987

Guest
Guest
Offline
Forbidden

You don't have permission to access /bcf/ on this server.

WARNING: Repeated attempts to access this directory will result in your IP being blocked on this server.

If you are trying to access www.Britishcarforum.com but are getting this error, try this: clear your browser cookies, then type in the domain name directly into your browser, like this: www.britishcarforum.com

Still having trouble? Contact bcfadmin@britishcarforum.com for help


Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

__________________________________________________________________________________________

On the TR forum, I can see everything just fine, until I click on the one link (so far)

https://www.britishcarforum.com/bcf/showthread.php?117078-Up-date TRF-points-issues-resolved



You're gonna block my IP address?
 
Last edited by a moderator:
OP
D

Deleted member 8987

Guest
Guest
Offline
yeah...you must have been editing the post or something, but it was that way for some time.
That's TWO I've somehow managed to come across when you were fiddling with posts.
Strange.
 

Basil

Administrator
Staff member
Boss
Offline
yeah...you must have been editing the post or something, but it was that way for some time.
That's TWO I've somehow managed to come across when you were fiddling with posts.
Strange.

I have a set up security rules (several hundred rules actually) that are intended to prevent a hacker from injecting malicious code into the forum database. When you clicked on that link, it put the title of that thread into your browser address bar. There is a word in that title that the security rules saw as data-base related and thus blocked you from sending that thread address to the server. I have modified things to allow that thread to be accessed. Let me know if you run into any similar issues.
 
OP
D

Deleted member 8987

Guest
Guest
Offline
and here I thought you did all this to keep us on our toes while you were awaiting the new grandkid to make it's appearance.
 

Basil

Administrator
Staff member
Boss
Offline
The issue was the use of the word "update" in the thread title. When you would try to go to that thread, one of the many security rules would see the word "update" in the thread title, which of course puts that word in your browser address bar. One of the security rules installed on the server to prevent hackers looks at the word "update" in your browser address bar, and assumes it could be a possible database injection attack ("update" happens to be an SQL database command used to modify a database). The security rules, not wanting to allow a possible database injection attack, prevents your browser from accessing the server with that word in the browser address bar (thus the "forbidden" error).

So as not to have to disable that security rule, I have done a mass update of thread titles and replaced the word "Update" with "Up-date" in all threads with "update" in the title. That should prevent the security rule from being triggered. I'll make a separate post about this, but just FYI, here is a list of words to avoid using in thread titles:

union|select|create|rename|truncate|load|alter|delete|update|insert|desc

Using any of these words in a thread title, will cause anyone clicking a link for that thread to trigger the security rule and be blocked from the site.

If you must use, for example, "update" in a thread title, then hyphenate it, like this: up-date.
 
Top