phpBB cookies causing problems with loading of site... ?

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
J_M
Registered User
Posts: 258
Joined: Wed Jul 20, 2005 12:26 pm

phpBB cookies causing problems with loading of site... ?

Post by J_M » Mon Jun 24, 2019 4:13 pm

The main site (ssl enabled) gets stuck in a redirect loop after visiting the phpBB forum. There are 3 cookies that are generated from the phpBB visit. If I delete these 3 cookies I can navigate throughout the site up to the point of visiting the forum. After I go to the forum and the 3 cookies are saved to the browser the site defaults to the homepage but it isn't navigable, and eventually gets stuck in a redirect loop (see below). I have not found this script anywhere in the public folder files.
  • I just updated from 3.2.5 > 3.2.7 but this problem existed in 3.2.5 I updated to see if the problem would go away.
    I have run https://www.whynopadlock.com and it passes
    I have even run https://redirectdetective.com/ while the redirect is active and there is a permanent redirect from http>https but doesn't show the incorrect redirect to http that pops up (see below)
    Cookies are set to secure through the ACP and the domain is set to .domainname.org
    The server protocol via ACP is set to https
    I have contacted the webhost and they are saying the problem exists within my files.
    This site and forum have been running for years and this is a new problem
many thanks for your help! I'm stuck

here's the redirect that keep stops the site from loading on Chrome and Safari, I can successfully navigate with FF w/o cookies. Is it possible that this script is generated by the server? it's not something that I can find in the files that I can access. If I could get to this file and simply fix the http>https would that be the answer? And why would the phpBB cookies cause this script to pop up?
<HTML>
<HEAD>
<TITLE>Meta Redirect Code</TITLE>
<meta http-equiv="refresh" content="0;url=http://www.domainname.org/">
</HEAD>
<BODY>
<script language="javascript">
location.replace("http://www.domainname.org/");
</script>
</BODY>
</HTML>
<!--

-->
and here is what I found in the .htaccess file:
RewriteOptions inherit

RewriteEngine on
# -FrontPage-

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.domainname.org/$1 [R=301,L]

User avatar
EA117
Registered User
Posts: 654
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: phpBB cookies causing problems with loading of site... ?

Post by EA117 » Mon Jun 24, 2019 4:49 pm

J_M wrote:
Mon Jun 24, 2019 4:13 pm
here's the redirect that keep stops the site from loading on Chrome and Safari
...
<meta http-equiv="refresh" content="0;url=http://www.domainname.org/">

and here is what I found in the .htaccess file:
...
RewriteRule ^(.*)$ https://www.domainname.org/$1 [R=301,L]
Certainly if the successfully-rewritten URL by the .htaccess rule (or even a user who specified HTTPS to begin with) is ultimately allowing a document containing "refresh http://www.domainname.org/" to become loaded, there would easily be a loop there without explicit intervention. Is the http-equiv=refresh / location.replace() document an intentional document on your site? Or are you saying "this is what you see" but you don't know where it's coming from?

If it is an intentional document on your site, and your site is supporting HTTPS, is there a particular logic to why this document contains an HTTP URL for your site instead of HTTPS? (Such that the .htaccess rule would have no reason to engage against the redirect being initiated from the http-equiv=refresh / location.replace() document.)

Hard to say or understand more without a URL to the site where it's happening.
J_M wrote:
Mon Jun 24, 2019 4:13 pm
Cookies are set to secure through the ACP and the domain is set to .domainname.org
The server protocol via ACP is set to https
The "set to https" does raise a question. Do you mean that under ACP, Server Configuration, Server Settings, Server URL Settings you have "Server protocol:" set to "https://"? If so, is "Force server URL settings:" in that same section even set to "Yes"? If it is currently set to "Yes", can you test setting "No" to see if any issue still remains? Or do you know of a reason why you can't set it back to the default of "No"?

If it must remain set to "Yes", then make sure every field is correct (e.g. not still port 80 when you have HTTPS specified).

J_M
Registered User
Posts: 258
Joined: Wed Jul 20, 2005 12:26 pm

Re: phpBB cookies causing problems with loading of site... ?

Post by J_M » Mon Jun 24, 2019 5:05 pm

Is the http-equiv=refresh / location.replace() document an intentional document on your site? Or are you saying "this is what you see" but you don't know where it's coming from?
That's correct, I don't know where this script is located. It appears to be code for a single html page, is it possible that it's "auto-generated" somewhere, or above my level of access?

thanks again,

J_M
Registered User
Posts: 258
Joined: Wed Jul 20, 2005 12:26 pm

Re: phpBB cookies causing problems with loading of site... ?

Post by J_M » Mon Jun 24, 2019 5:22 pm

The "set to https" does raise a question. Do you mean that under ACP, Server Configuration, Server Settings, Server URL Settings you have "Server protocol:" set to "https://"? If so, is "Force server URL settings:" in that same section even set to "Yes"? If it is currently set to "Yes", can you test setting "No" to see if any issue still remains? Or do you know of a reason why you can't set it back to the default of "No"?

If it must remain set to "Yes", then make sure every field is correct (e.g. not still port 80 when you have HTTPS specified).
Sorry I wasn't clear on this one. "https' was in the server protocol field, but I hadn't enabled the Force server URL settings to "yes". So, I just tried it both ways and it doesn't seem to effect the results. Once the phpBB cookies are set, it messes up the site. It appears that there are 3 cookies that are set by phpBB, the one with the "_k" suffix seems to be the problem.
Hard to say or understand more without a URL to the site where it's happening.
If it's OK with you I can send you the link?

User avatar
EA117
Registered User
Posts: 654
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: phpBB cookies causing problems with loading of site... ?

Post by EA117 » Mon Jun 24, 2019 5:35 pm

J_M wrote:
Mon Jun 24, 2019 5:22 pm
"https' was in the server protocol field, but I hadn't enabled the Force server URL settings to "yes". So, I just tried it both ways and it doesn't seem to effect the results.
Good. If you don't need it set to "Yes", and haven't been running with it set to "Yes", its definitely best to least it at the default of "No".
J_M wrote:
Mon Jun 24, 2019 5:22 pm
If it's OK with you I can send you the link?
Sure, that would be fine.

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 50512
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: phpBB cookies causing problems with loading of site... ?

Post by stevemaury » Mon Jun 24, 2019 5:45 pm

J_M wrote:
Mon Jun 24, 2019 5:22 pm
If it's OK with you I can send you the link?
That way you have one potential helper instead of 400,000.
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)

J_M
Registered User
Posts: 258
Joined: Wed Jul 20, 2005 12:26 pm

Re: phpBB cookies causing problems with loading of site... ?

Post by J_M » Mon Jun 24, 2019 5:52 pm

Hi Steve

I hesitate because it's a site for folks that have a rare disorder, not sure why I do resist posting it. I guess I'm just trying to protect them a bit.

here it is -

https://www.

Since you likely have never visited the site, your browser will let you navigate around until you visit the forum (big blue bar at the top of the page). So, do try a couple other pages first.

After visiting the forum, go back to the homepage and it is at this time I am finding that all navigation stops, and eventually the redirect page may show and then a white page just flickers as it goes back and forth.

For testing I have been using Chrome since it's easy to remove specific cookies. The one that seems to be the culprit is the one that ends with "_k" which maintains session logs. Remove this one and the site works again until visiting the forum:
_u = user ID, in your case XXXXXXX or 1 for a guest.
_sid = session ID, will change from time to time and identifies you, combined with _u.
_k = session key, only used for "remember me" feature to not always re-log in.
Last edited by J_M on Tue Jun 25, 2019 1:29 pm, edited 1 time in total.

User avatar
Brf
Support Team Member
Support Team Member
Posts: 51727
Joined: Tue May 10, 2005 7:47 pm
Location: {postrow.POSTER_FROM}
Contact:

Re: phpBB cookies causing problems with loading of site... ?

Post by Brf » Mon Jun 24, 2019 6:17 pm

If I type in a non-existent address it still gives me your index page. You must have some sort of redirect happening there.

J_M
Registered User
Posts: 258
Joined: Wed Jul 20, 2005 12:26 pm

Re: phpBB cookies causing problems with loading of site... ?

Post by J_M » Mon Jun 24, 2019 6:32 pm

do you mean more than whats in the .htaccess?
RewriteOptions inherit

RewriteEngine on
# -FrontPage-

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.domainname.org/$1 [R=301,L]
There is a single redirect within cPanel to redirect ".../forum" to the phpBB3, but other than that I don't see any. Where else do I look?

User avatar
EA117
Registered User
Posts: 654
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: phpBB cookies causing problems with loading of site... ?

Post by EA117 » Mon Jun 24, 2019 6:35 pm

The "http-equiv=refresh / location.replace() document" that was quoted earlier is the 403 error document configured on the web server.

So this site is having the same "I get an HTTP 403 as soon as phpBB cookies are saved for the site" that has been the subject of multiple other posts this week. The unique additional layer was that as part of reporting the 403, the web server is still configured to serve an error document that attempts to send you to the front page of the site using HTTP, rather than HTTPS, so then the .htaccess redirect comes into play too.

So at some point you do want to update the 403.html/404.html and any other error documents the site has to contain a document that attempts to redirect to your now-HTTPS front page, just to eliminate the unnecessary redirect. But that shouldn't have "by definition been a loop"; I'm not sure yet what would have caused an actual redirect loop.

But the main issue, and reason why deleting phpBB cookies seems to have an effect, is that you need to talk to your hosting service about what kind of mod_security rules were updated in the past 48 hours. Or at minimum, viewing your web server access logs or error logs for a more specific hint or confirmation of why 403 is returned, if not due to mod_security.

Because the web server rejecting the GET request with 403 whenever it contains a phpBB "k" cookie is "the core problem" here.

J_M
Registered User
Posts: 258
Joined: Wed Jul 20, 2005 12:26 pm

Re: phpBB cookies causing problems with loading of site... ?

Post by J_M » Mon Jun 24, 2019 6:57 pm

lot's of good info.... i'm just trying to understand it all :)

I believe that I found the "unique" aspect of the problem within the error page setup of cPanel. Both the 403 and 404 errors were the origins of the redirect.

So... I fixed them and made them both "https" but after clearing history and cookies in both Chrome and Safari I'm still experiencing problems after the cookies load from phpBB. So, does this reduce my problem down to the recent issue that you mentioned?
the same "I get an HTTP 403 as soon as phpBB cookies are saved for the site" that has been the subject of multiple other posts this week.
and is the reason for this problem the server rejecting the "Get request" that you mentioned? Have any of the webhosts responded with answers?

thanks again, I would be adrift at sea if it were not for the help here (although... adrift at sea sounds not too bad)

J_M
Registered User
Posts: 258
Joined: Wed Jul 20, 2005 12:26 pm

Re: phpBB cookies causing problems with loading of site... ?

Post by J_M » Mon Jun 24, 2019 7:12 pm

hmmmm.....

I found a couple of the topics you referred to:

viewtopic.php?f=556&t=2515096

viewtopic.php?f=556&p=15278491

viewtopic.php?f=556&t=2515111

Several mentions of UK2 group which is the company that acquired my host a couple years ago. I've submitted a ticket.

User avatar
EA117
Registered User
Posts: 654
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: phpBB cookies causing problems with loading of site... ?

Post by EA117 » Mon Jun 24, 2019 7:51 pm

J_M wrote:
Mon Jun 24, 2019 7:12 pm
I found a couple of the topics you referred to:
My apologies, I thought I had already linked to runewolf's thread here, but now I see and remember why I did not. (Because this current issue hadn't been tied to a 403 response at the time.) But yes, several users, including multiple UK2 users, had indicated this kind of 403 scenario started recently for them with phpBB.

Opening up a ticket is best, in order to learn what they updated and/or where they expected you to find the information needed to identify and solve this 403 within your hosting account. (e.g. Maybe the mod_security rules are accessible & configurable within your hosting control panel, not withstanding that an update performed by them is what inserted new rules.)

Yes, the 403.html and other custom error page documents you have now corrected in the control panel were the source of the additional "redirect document" that was being received, as a secondary condition to the fact that 403 was being returned in the first place. That doesn't rule out that there was some other redirect loop occurring (I can't draw a straight line to how the 403 document trying to send you to the site root page would have caused an infinite loop), but it's a good change to make nonetheless.

Something that is interesting in the investigation you made is how the issue truly is specific to the phpBB cookie, and not just "there are cookies." i.e. There are plenty of other facebook.com and other cookies that can be left set for your site, and none of those trigger the same issue. That will probably make sense once we know what exactly the offending rule is, but it seems so "specific" right now that only the phpBB "k" cookie is affected, when at least in my tests, the "k" cookie doesn't even have a value set yet.

J_M
Registered User
Posts: 258
Joined: Wed Jul 20, 2005 12:26 pm

Re: phpBB cookies causing problems with loading of site... ?

Post by J_M » Mon Jun 24, 2019 8:09 pm

I appreciate you helping me clear out all of the red herrings, and locate the underlying issue.

Something else just popped up. I had been successful logging into phpbb via FF w/ cookies turned off. But now I'm getting :Error code: SSL_ERROR_RX_RECORD_TOO_LONG after adding my username/password. But if I clear out the port number "80:" from the URL I can access the forum and I've been logged in?

If I go back to the earlier discussion and remove the "Force server URL settings" the problem goes away. Is this unrelated to the 403/cookies errors?

I'm tempted to disable "Cookie secure" through the ACP, any chance this would help the 403/cookie problem.. or better question how much would I break if I tried the disable setting?

thanks again,

J_M
Registered User
Posts: 258
Joined: Wed Jul 20, 2005 12:26 pm

Re: phpBB cookies causing problems with loading of site... ?

Post by J_M » Mon Jun 24, 2019 8:13 pm

I just received a response that the Mod Security settings were changed and it's being investigated.

I owe you a cup of coffee. Thank you.

Post Reply

Return to “[3.2.x] Support Forum”