Facebook links to my site resolve as 403 forbidden

facebook http-status-code-403 mod-security
filip picture filip · May 28, 2010 · Viewed 18.1k times · Source

Hi I'm experiencing a super weird problem.
Whenever I post links to my website on Facebook, they come up as Forbidden.
The site itself works great and I have no seen this when linking on other sites.
Could this be a server misconfiguration? Any thoughts on where to look?

here's some Info:
I have a dedicated server running WHM 11.25.0
i have 2 sites hosted here using cPanel 11.25.0

the error msg:

Forbidden

You don't have permission to access /blog/deepwater-horizon-11/ on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at www.offshoreinjuries.com Port 80

UPDATE:
Here is a sample link if it helps. (notice going the linked page directly works fine)
http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.offshoreinjuries.com%2Fblog%2Fdeepwater-horizon-11%2F&h=834ea

UPDATE and ANSWER:
Found the issue and added a complete answer below.

Answer

Álvaro González picture Álvaro González · May 28, 2010

You must have a rule somewhere that reads the HTTP_REFERER and rejects incoming links from Facebook. Seriously. This is what happens between the lines:

No referrer

telnet www.offshoreinjuries.com 80
HEAD /blog/deepwater-horizon-11/ HTTP/1.1
Host: www.offshoreinjuries.com

    HTTP/1.1 200 OK
    Date: Fri, 28 May 2010 09:19:45 GMT
    Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
    X-Powered-By: PHP/5.2.12
    X-Pingback: http://www.offshoreinjuries.com/blog/xmlrpc.php
    Content-Type: text/html; charset=UTF-8

200 OK, good.

Facebook referrer

telnet www.offshoreinjuries.com 80
HEAD /blog/deepwater-horizon-11/ HTTP/1.1
Host: www.offshoreinjuries.com
Referer: http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.offshoreinjuries.com%2Fblog%2Fdeepwater-horizon-11%2F&h=834ea

    HTTP/1.1 403 Forbidden
    Date: Fri, 28 May 2010 09:21:04 GMT
    Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
    Content-Type: text/html; charset=iso-8859-1

403 Forbidden, bad.

Any other referrer

telnet www.offshoreinjuries.com 80
HEAD /blog/deepwater-horizon-11/ HTTP/1.1
Host: www.offshoreinjuries.com
Referer: http://alvaro.es/

    HTTP/1.1 200 OK
    Date: Fri, 28 May 2010 09:20:36 GMT
    Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
    X-Powered-By: PHP/5.2.12
    X-Pingback: http://www.offshoreinjuries.com/blog/xmlrpc.php
    Content-Type: text/html; charset=UTF-8

200 OK again.

Your server is actively rejecting visitors from Facebook.

Related questions

Use Device Login on Smart TV / Console

I have noticed that Facebook seems to support Device Login with a token / PIN Code instead of user/login to be used on devices like TV or console: https://www.facebook.com/device In the search of the dev page …

Read More
Where can I find my Facebook application id and secret key?

In my Facebook account, where can I find these application IDs, secret key, all?

Read More
Facebook API - How do I get a Facebook user's profile image through the Facebook API (without requiring the user to "Allow" the application)

I'm working on a CMS that fetches a user's profile image from their Facebook URL (that is, http://facebook.com/users_unique_url). How can I accomplish this? Is there a Faceboook API call that fetches a user's profile image …

Read More