• Hi Guest!
    You can help ensure that British Car Forum (BCF) continues to provide a great place to engage in the British car hobby! If you find BCF a beneficial community, please consider supporting our efforts with a subscription.
    There are some perks with a member upgrade!
    **Upgrade Now**
    (PS: Subscribers don't see this gawd-aweful banner
Tips
Tips

What?

  • Thread starter Deleted member 8987
  • Start date

Share this page

D

Deleted member 8987

Guest
Guest
Offline
Forbidden

You don't have permission to access /bcf/ on this server.

WARNING: Repeated attempts to access this directory will result in your IP being blocked on this server.

If you are trying to access www.Britishcarforum.com but are getting this error, try this: clear your browser cookies, then type in the domain name directly into your browser, like this: www.britishcarforum.com

Still having trouble? Contact bcfadmin@britishcarforum.com for help


Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

__________________________________________________________________________________________

On the TR forum, I can see everything just fine, until I click on the one link (so far)

https://www.britishcarforum.com/bcf/showthread.php?117078-Up-date TRF-points-issues-resolved



You're gonna block my IP address?
 
Last edited by a moderator:
yeah...you must have been editing the post or something, but it was that way for some time.
That's TWO I've somehow managed to come across when you were fiddling with posts.
Strange.
 
TOC said:
yeah...you must have been editing the post or something, but it was that way for some time.
That's TWO I've somehow managed to come across when you were fiddling with posts.
Strange.
Click to expand...

I have a set up security rules (several hundred rules actually) that are intended to prevent a hacker from injecting malicious code into the forum database. When you clicked on that link, it put the title of that thread into your browser address bar. There is a word in that title that the security rules saw as data-base related and thus blocked you from sending that thread address to the server. I have modified things to allow that thread to be accessed. Let me know if you run into any similar issues.
 
and here I thought you did all this to keep us on our toes while you were awaiting the new grandkid to make it's appearance.
 
The issue was the use of the word "update" in the thread title. When you would try to go to that thread, one of the many security rules would see the word "update" in the thread title, which of course puts that word in your browser address bar. One of the security rules installed on the server to prevent hackers looks at the word "update" in your browser address bar, and assumes it could be a possible database injection attack ("update" happens to be an SQL database command used to modify a database). The security rules, not wanting to allow a possible database injection attack, prevents your browser from accessing the server with that word in the browser address bar (thus the "forbidden" error).

So as not to have to disable that security rule, I have done a mass update of thread titles and replaced the word "Update" with "Up-date" in all threads with "update" in the title. That should prevent the security rule from being triggered. I'll make a separate post about this, but just FYI, here is a list of words to avoid using in thread titles:

union|select|create|rename|truncate|load|alter|delete|update|insert|desc

Using any of these words in a thread title, will cause anyone clicking a link for that thread to trigger the security rule and be blocked from the site.

If you must use, for example, "update" in a thread title, then hyphenate it, like this: up-date.
 
Back
Top