Hi I'm experiencing a super weird problem.

Whenever I post links to my website on Facebook, they come up as Forbidden.

The site itself works great and I have no seen this when linking on other sites.

Could this be a server misconfiguration? Any thoughts on where to look?

here's some Info:

I have a dedicated server running WHM 11.25.0

i have 2 sites hosted here using cPanel 11.25.0

the error msg:

Forbidden

You don't have permission to access /blog/deepwater-horizon-11/ on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

---

开发者_如何学JAVA Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at www.offshoreinjuries.com Port 80

UPDATE:

Here is a sample link if it helps. (notice going the linked page directly works fine)

http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.offshoreinjuries.com%2Fblog%2Fdeepwater-horizon-11%2F&h=834ea

UPDATE and ANSWER:

Found the issue and added a complete answer below.

You must have a rule somewhere that reads the HTTP_REFERER and rejects incoming links from Facebook. Seriously. This is what happens between the lines:

No referrer

telnet www.offshoreinjuries.com 80
HEAD /blog/deepwater-horizon-11/ HTTP/1.1
Host: www.offshoreinjuries.com

    HTTP/1.1 200 OK
    Date: Fri, 28 May 2010 09:19:45 GMT
    Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
    X-Powered-By: PHP/5.2.12
    X-Pingback: http://www.offshoreinjuries.com/blog/xmlrpc.php
    Content-Type: text/html; charset=UTF-8

200 OK, good.

Facebook referrer

telnet www.offshoreinjuries.com 80
HEAD /blog/deepwater-horizon-11/ HTTP/1.1
Host: www.offshoreinjuries.com
Referer: http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.offshoreinjuries.com%2Fblog%2Fdeepwater-horizon-11%2F&h=834ea

    HTTP/1.1 403 Forbidden
    Date: Fri, 28 May 2010 09:21:04 GMT
    Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
    Content-Type: text/html; charset=iso-8859-1

403 Forbidden, bad.

Any other referrer

telnet www.offshoreinjuries.com 80
HEAD /blog/deepwater-horizon-11/ HTTP/1.1
Host: www.offshoreinjuries.com
Referer: http://alvaro.es/

    HTTP/1.1 200 OK
    Date: Fri, 28 May 2010 09:20:36 GMT
    Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
    X-Powered-By: PHP/5.2.12
    X-Pingback: http://www.offshoreinjuries.com/blog/xmlrpc.php
    Content-Type: text/html; charset=UTF-8

200 OK again.

Your server is actively rejecting visitors from Facebook.

I was finally able to get to the bottom of this behavior.
The default mod_security settings of my host, HostGator include a set of whitelists and blacklists. Upon inspecting these I found .facebook.com/l.php blacklisted.
l.php is a wrapper page that provides a warning that you are leaving facebook. As I understand it since this can be easily exploited, HostGator chose to essentially blacklist all outbound facebook links.

I fixed my problem by removing .facebook.com/l.php from the mod_security blacklist, however I could have also just reset my mod_security settings to Default (vs the HostGator config) via a single click in WHM.