To administer the board you must re-authenticate yourself.

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 49331
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: To administer the board you must re-authenticate yourself.

Post by stevemaury » Thu Jul 19, 2018 9:41 pm

Exclusive wrote:
Thu Jul 19, 2018 9:28 pm
Lumpy Burgertushie wrote:
Thu Jul 19, 2018 9:18 pm
ok, first, put a dot in front of the cookie domain

then, since you are using cloudfare ssl you really need to set cookie secure to yes and add the bit to the htaccess file that redirects all http requests to https.

that could be the problem.

that is providing that you really mean you are being logged out and not that you are just seeing the re authenticate box when you try to access the admin panel.


robert
Thanks for your response. The forum cookies URL is: forum. is there any need of putting a dot before the forum (.forum.)?
NO
and the Cookies name is: phpbb3_j2lwq4 ? is there anything wrong?
Change to 4 to a 5
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. PM or email me.

All unsolicited PMs will be ignored.

User avatar
Lumpy Burgertushie
Registered User
Posts: 64685
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: To administer the board you must re-authenticate yourself.

Post by Lumpy Burgertushie » Thu Jul 19, 2018 9:58 pm

Exclusive wrote:
Thu Jul 19, 2018 9:28 pm


Thanks for your response. The forum cookies URL is: forum. is there any need of putting a dot before the forum (.forum.)?
and the Cookies name is: phpbb3_j2lwq4 ? is there anything wrong?

On my Cloudflare > Crypto > Always use HTTPS, I have enabled this option. Is there any other need to also add the bit to the htaccess file that redirects all http requests to https again?
apparently yes. I was never redirected to https until I specifically typed it in to see if you were running ssl.

there are many posts here about all sorts of problems when using cloudfare. the cloudfare ssl not working properly is one of them.


if it was me, I would turn off cloudfare. I seriously doubt you are getting any true benefits from hit anyway.

that is just me.

rob ert
I am available for custom work on a donation basis. Please send me a PM with your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

OK, so what's the speed of dark?

User avatar
Exclusive
Registered User
Posts: 70
Joined: Mon Jun 25, 2018 1:33 pm
Contact:

Re: To administer the board you must re-authenticate yourself.

Post by Exclusive » Thu Jul 19, 2018 10:00 pm

stevemaury wrote:
Thu Jul 19, 2018 9:41 pm
Change to 4 to a 5
Then what about the Cookies secure, Should I Enable or Disable it?
Use Search Button to get Instant Results | Follow Forum Rules
Avoid Spams in the forum to prevent banning the offending account. | Visit My Website!

User avatar
Exclusive
Registered User
Posts: 70
Joined: Mon Jun 25, 2018 1:33 pm
Contact:

Re: To administer the board you must re-authenticate yourself.

Post by Exclusive » Thu Jul 19, 2018 10:02 pm

Lumpy Burgertushie wrote:
Thu Jul 19, 2018 9:58 pm
Exclusive wrote:
Thu Jul 19, 2018 9:28 pm


Thanks for your response. The forum cookies URL is: forum. is there any need of putting a dot before the forum (.forum.)?
and the Cookies name is: phpbb3_j2lwq4 ? is there anything wrong?

On my Cloudflare > Crypto > Always use HTTPS, I have enabled this option. Is there any other need to also add the bit to the htaccess file that redirects all http requests to https again?
apparently yes. I was never redirected to https until I specifically typed it in to see if you were running ssl.

there are many posts here about all sorts of problems when using cloudfare. the cloudfare ssl not working properly is one of them.


if it was me, I would turn off cloudfare. I seriously doubt you are getting any true benefits from hit anyway.

that is just me.

rob ert
It should redirect you now as I just purge my Cloudflare's cache.
Use Search Button to get Instant Results | Follow Forum Rules
Avoid Spams in the forum to prevent banning the offending account. | Visit My Website!

User avatar
Lumpy Burgertushie
Registered User
Posts: 64685
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: To administer the board you must re-authenticate yourself.

Post by Lumpy Burgertushie » Thu Jul 19, 2018 11:29 pm

nope, I just clicked on the link in your sig file which is to http and it took me to http not https.
clearing the cache in cloudfare is not the issue. turn cloudfare off and then clear your cache in your browser and then test.


robert
I am available for custom work on a donation basis. Please send me a PM with your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

OK, so what's the speed of dark?

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 49331
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: To administer the board you must re-authenticate yourself.

Post by stevemaury » Fri Jul 20, 2018 12:52 am

Exclusive wrote:
Thu Jul 19, 2018 10:00 pm
stevemaury wrote:
Thu Jul 19, 2018 9:41 pm
Change to 4 to a 5
Then what about the Cookies secure, Should I Enable or Disable it?
Do you have a Certificate?
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. PM or email me.

All unsolicited PMs will be ignored.

User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 2734
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.
Contact:

Re: To administer the board you must re-authenticate yourself.

Post by thecoalman » Fri Jul 20, 2018 12:54 pm

What setting are you using for SSL on Cloudlfare? If you are using the flexible option you cannot redirect or use https on the server.

If so try switching to the full SSL option, you should have default certificate installed which will work for that. From there you can add the redirect on your server and even add one Cloudlfare. These setting should work in phpBB control panel if you are using full ssl on cloudflare.

Under Server settings:
Server protocol: https://
Server port: 443

Under Cooking settings enable secure cookie.

User avatar
Exclusive
Registered User
Posts: 70
Joined: Mon Jun 25, 2018 1:33 pm
Contact:

Re: To administer the board you must re-authenticate yourself.

Post by Exclusive » Fri Jul 20, 2018 8:48 pm

thecoalman wrote:
Fri Jul 20, 2018 12:54 pm
What setting are you using for SSL on Cloudlfare? If you are using the flexible option you cannot redirect or use https on the server.

If so try switching to the full SSL option, you should have default certificate installed which will work for that. From there you can add the redirect on your server and even add one Cloudlfare. These setting should work in phpBB control panel if you are using full ssl on cloudflare.

Under Server settings:
Server protocol: https://
Server port: 443

Under Cooking settings enable secure cookie.
It now working fine when I use the HTTP redirect on my Cloudflare (Crypto > Always use HTTPS) and when I enable secure cookie on ACP. But the issue is, If I'm not mistaking, that forum is the first GSM-Forum in phpBB and I wouldn't like the https:// to be included in the URL.
Use Search Button to get Instant Results | Follow Forum Rules
Avoid Spams in the forum to prevent banning the offending account. | Visit My Website!

User avatar
Exclusive
Registered User
Posts: 70
Joined: Mon Jun 25, 2018 1:33 pm
Contact:

Re: To administer the board you must re-authenticate yourself.

Post by Exclusive » Fri Jul 20, 2018 10:12 pm

Or is there a fix to this without the HTTPS redirect?
Use Search Button to get Instant Results | Follow Forum Rules
Avoid Spams in the forum to prevent banning the offending account. | Visit My Website!

User avatar
Lumpy Burgertushie
Registered User
Posts: 64685
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: To administer the board you must re-authenticate yourself.

Post by Lumpy Burgertushie » Fri Jul 20, 2018 10:57 pm

Exclusive wrote:
Fri Jul 20, 2018 8:48 pm
thecoalman wrote:
Fri Jul 20, 2018 12:54 pm
What setting are you using for SSL on Cloudlfare? If you are using the flexible option you cannot redirect or use https on the server.

If so try switching to the full SSL option, you should have default certificate installed which will work for that. From there you can add the redirect on your server and even add one Cloudlfare. These setting should work in phpBB control panel if you are using full ssl on cloudflare.

Under Server settings:
Server protocol: https://
Server port: 443

Under Cooking settings enable secure cookie.
It now working fine when I use the HTTP redirect on my Cloudflare (Crypto > Always use HTTPS) and when I enable secure cookie on ACP. But the issue is, If I'm not mistaking, that forum is the first GSM-Forum in phpBB and I wouldn't like the https:// to be included in the URL.
not sure what you are asking. what difference does it make about what the forum/board is or is not? either you use https or you don't. if you don't then you will get all sorts of errors in your browser ( and so will everyone else ). nowdays you really have to use ssl whether you want to or not.
(thanks google )

there is no downside to using https:


robert
I am available for custom work on a donation basis. Please send me a PM with your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

OK, so what's the speed of dark?

User avatar
3Di
Registered User
Posts: 12756
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: To administer the board you must re-authenticate yourself.

Post by 3Di » Sat Jul 21, 2018 3:20 am

I don't think there are GSM users connecting to your forum. 8-)
Want to compensate me for my interest? Donate
Please PM me only to request paid works. Thx.
Extensions, Scripts, MOD porting, Update/Upgrades
My development's activity º PhpStorm's proud user

User avatar
Exclusive
Registered User
Posts: 70
Joined: Mon Jun 25, 2018 1:33 pm
Contact:

Re: To administer the board you must re-authenticate yourself.

Post by Exclusive » Sat Jul 21, 2018 7:11 am

3Di wrote:
Sat Jul 21, 2018 3:20 am
I don't think there are GSM users connecting to your forum. 8-)
:roll: The forum is not up to a month old!
Use Search Button to get Instant Results | Follow Forum Rules
Avoid Spams in the forum to prevent banning the offending account. | Visit My Website!

User avatar
John connor
Registered User
Posts: 1616
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Contact:

Re: To administer the board you must re-authenticate yourself.

Post by John connor » Sat Jul 21, 2018 12:45 pm

I use CloudFlare and SSL perfectly fine without issue. Without reading through the whole topic, here's how to set this up.


Install an encryption certificate in your host in cPanel. They should have the option for the free Lets Encrypt certificate. Once that's installed go to your board's ACP. Under Server settings: Server protocol: https://, Server port: 443, cooking setting: enable secure cookie. Now go to CloudFlare, not in your host, but their website. DO NOT use CloudFlare in cPanel. It's a major F up. You want to use their website and their website ONLY! Go under the SSL options in CloudFlare and set up full strict SSL or what ever it's called. That should do it. From that moment on all URLs will have HTTPS:\\

You may need to set up a page rule in CloudFlare to make sure HTTP goes to HTTPS. You get three page rules for free. Another page rule you could setup is to cache the styles folder. I wouldn't setup other folders for caching. Now you may have mixed content on your board. Being the nature of forums that's inevitable. So make sure you look in CloudFlare under the Encryption page and turn on mixed content or what ever it's called. Now all content should be encrypted. How CloudFlare prevents mixed content is with their use of the HTTPS Everywhere project and something else. So long as URLs on your board have an HTTPS availability instead of HTTP, CloudFlare will automatically fetch those URLs instead keeping all content on your board served over SSL/TLS.

Now, using CloudFlare is half the battle. It's main feature is preventing a DDoS attack. But you need to use CloudFlare and set things up in such a way to prevent your origin IP from being known. One of these involves never using your host's E-mail. So the MX record in CloudFlare is out of the question as the MX record will expose your origin IP in a hurry. So what that means is you have to use a third-party E-mail service. Since my board isn't very big I use Gmail. If I grow I plan on using Namecheap's E-mail offering. I do have a dedicated E-mail with them already for resume and work purposes. It's only $10/year if I can remember right. Then your yearly domain costs.

Another factor is that if you setup CloudFlare after your host gave you an IP then your IP is now known. Especially with domain history websites. So after you setup CloudFlare you would have to have your host give you a new IP and then you enter that in your CloudFlare DNS settings.

If you use a shared account DO NOT get a dedicated IP. Doing so will expose your origin IP. Why? Because there's a tool that can scan the whole IPv4 space on the Internet in about 45 minutes and find your domain. To combat that stay hidden with an IP that's shared among other users in your shared hosting account. If use use a VPS then you need to block all IPs except CloudFlare's and maintain CloudFlare IPs as they change. So you need to stay abreast of their IP changes which isn't all that often.

I would not use a subdomain on CloudFlare. I can't remember how, but it will expose your origin IP. I would also not allow the use of remote avatars. I don't even allow gravatar. Reason being is that a remote avatar can fetch your origin IP.

That's about it. You don't have to do all that, but if you truly want to benefit from what CloudFlare offers in security you'll do what I outlined. Just remember that when you work on your board or update it you disable CloudFlare and purge not only its cache, but your board's cache as well. You now have in effect two caches.

Now I need to squeeze a squid. Ran out of ink. :lol:

User avatar
Exclusive
Registered User
Posts: 70
Joined: Mon Jun 25, 2018 1:33 pm
Contact:

Re: To administer the board you must re-authenticate yourself.

Post by Exclusive » Sun Jul 22, 2018 6:58 am

Mehn, You're the man! Thanks a lot!
Last edited by Mick on Sun Jul 22, 2018 7:03 am, edited 1 time in total.
Reason: Removed unnecessary quoting.
Use Search Button to get Instant Results | Follow Forum Rules
Avoid Spams in the forum to prevent banning the offending account. | Visit My Website!

User avatar
John connor
Registered User
Posts: 1616
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Contact:

Re: To administer the board you must re-authenticate yourself.

Post by John connor » Mon Jul 23, 2018 2:43 am

The post above was edited and due to that I had no notification. Is that something phpBB needs to fix?

Post Reply

Return to “[3.2.x] Support Forum”

Who is online

Users browsing this forum: aleksanderd, Baidu [Spider], Hartenheer, robbell and 27 guests