website security problems
-
You're doing it right : re installing with bit level destroying etc.
But then you fail :
Do Not import your saved backup configuration !Do these simple steps :
Install clean.
Assign LAN interfaces, activates DHCP where needed.
Assign a WAN and connection method.
Change the admin password.And now the critical thing : do nothing else.
No config import - do nothing.
Done !pfSense works out of the box.
Your issue is solved.
And you also know now what the issue was .... -
@jc1976 this was never a pfSense or Xfinity issue to begin with. The error you got was clearly a browser/plugin issue as i described in my first post in this thread. Just because you didnt have any issues before, doesnt mean that the issue was not there. Browsers and their plugins are constantly getting updated, and with those updates, their behavior changes as well. Previous versions could try to establish HTTPS traffic, and if they fail, they just continue to HTTP without you even knowing. This could be browser "security issue" so Mozilla decided to change this and warn you if HTTPS traffic is not possible, and force you to "accept the risks" before you continue.
There is no need to use gparted or any other 3rd party software to wipe partitions. pfSense installer is doing that by default. Im not sure why you removed pfBlockerNG, Squid and Suricata if you have more than capable hardware. Neither of those packages were causing the issue you had. You are just paranoid now for no reason.
You also said, and i quote:
"i just need to figure out why i'm having so many issues with it all of a sudden. I wish i new how to read logs better.."
What other issues are you having ?
As for the RAM memory, some amount of your total system memory is shared with onboard graphic card. This can be changed in BIOS. pfSense doesnt need much video RAM since its not running Xorg graphic server. Its all textual or web interface mode. Unfortunately some BIOS-es wont let you set this shared memory size less than 32, 64 and on some system even 128mb of RAM. If you want to overcome this issue, you need a dedicated video card, which is totally pointless since you have 16GB of RAM which is overkill anyway.
-
This is not a RAM issue.
It's almost certainly a browser issue. That should be easy to check though by just using a different browser.
It could be a combination of things and that browser plugin is just revealing it.Like something is resolving those to a different page, maybe a warning or error, and your browser is showing that because it's http.
Steve
-
What is funny is his example is showing https://amazon.com in the url address bar.
If you go to amazon.com via http or https it should be sending his browser a redirection.
Resolving amazon.com (amazon.com)... 205.251.242.103, 176.32.103.205, 54.239.28.85 Connecting to amazon.com (amazon.com)|205.251.242.103|:80... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: https://amazon.com/ [following] --2021-11-11 09:29:03-- https://amazon.com/ Connecting to amazon.com (amazon.com)|205.251.242.103|:443... connected.--2021-11-11 09:29:39-- https://amazon.com/ Resolving amazon.com (amazon.com)... 205.251.242.103, 176.32.103.205, 54.239.28.85 Connecting to amazon.com (amazon.com)|205.251.242.103|:443... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: https://www.amazon.com/ [following] --2021-11-11 09:29:39-- https://www.amazon.com/ Resolving www.amazon.com (www.amazon.com)... 23.11.225.174 Connecting to www.amazon.com (www.amazon.com)|23.11.225.174|:443... connected.Notice the "301 Moved Permanently" and then the new www. url and following to that..
He could have something blocking something - and his browser is showing this error as a red herring because it doesn't know any better?
I would love to see a wget even - take the browser out of the equation.
-
@stephenw10 said in website security problems:
This is not a RAM issue.
It's almost certainly a browser issue. That should be easy to check though by just using a different browser.
It could be a combination of things and that browser plugin is just revealing it.Like something is resolving those to a different page, maybe a warning or error, and your browser is showing that because it's http.
Steve
@stephenw10 not sure if you saw, but issue is already resolved. Check the post from @johnpoz. Issue is exactly what i described in my first post. Also, i never said it was a RAM issue. @jc1976 was wondering where did the certain amount of total system RAM go, so i explained him that system RAM is shared with onboard graphics.
-
@nimrod I am not sure I would consider it "resolved" until we actually hear from the user that he has it working now.
-
@nimrod said in website security problems:
@stephenw10 not sure if you saw, but issue is already resolved. Check the post from @johnpoz. Issue is exactly what i described in my first post. Also, i never said it was a RAM issue.
I realise. But @jc1976 suspected it might be and I was ruling that out.
Yeah, is that browser setting blocking the http redirect? Seems like that should happen over https but I've never dug too deeply into that.
Steve
-
Im constantly getting notified that posts have been edited, i thought i saw he said issue was resolved. I scrolled back now, and i dont see it. Im sorry, my bad.
-
Regarding trying this all out with a different browser and different computers, that was done.
i attempted the same thing with edge, and my GF is using her mac with chrome, she's having the same issues as well. She has two mac laptops (one for work, one personal), both have the same issue.
So, i'll make the change with firefox but as i said before, this wasn't an issue a few weeks ago and up until last night absolutely nothing has changed. last night i uninstalled, rebooted, reinstalled (as default) firefox and the issue is still there.
-
@jc1976 said in website security problems:
and my GF is using her mac with chrome, she's having the same issues as well.
And again pfsense has ZERO systems to make such a notification to the browser - that error is a BROWSER thing.. Now its possible your filtering the 301 redirection, but I really don't see anything in pfsense that would do that.. Maybe some sort of IPS?
How about you do a simple fetch or wget.. Now www.amazon.com is going to resolve to something different than amazon.com as you can see in my outputs from wget..
If your browser is not seeing the redirection and tries to load https://amazon.com via 443 then yeah the cert could fail and your BROWSER would warn you about it..
edit:
But when you look at my test of https://amazon.com I get the 301 redirect over 443, and the cert is trusted, etc.. Maybe you have something wrong with your systems Trusted Certs?Here for example using debug on the wget I can see the ssl info, etc. and via that connection I get 301 that it moved to https://www.amazon.com
--2021-11-11 15:05:53-- https://amazon.com/ Resolving amazon.com (amazon.com)... 205.251.242.103, 176.32.103.205, 54.239.28.85 Caching amazon.com => 205.251.242.103 176.32.103.205 54.239.28.85 Connecting to amazon.com (amazon.com)|205.251.242.103|:443... connected. Created socket 3. Releasing 0x00005653b3975a30 (new refcount 1). Initiating SSL handshake. Handshake successful; connected socket 3 to SSL handle 0x00005653b3975b50 certificate: subject: CN=*.peg.a2z.com issuer: CN=DigiCert Global CA G2,O=DigiCert Inc,C=US X509 certificate successfully verified and matches host amazon.com ---request begin--- GET / HTTP/1.1 User-Agent: Wget/1.20.3 (linux-gnu) Accept: */* Accept-Encoding: identity Host: amazon.com Connection: Keep-Alive ---request end--- HTTP request sent, awaiting response... ---response begin--- HTTP/1.1 301 Moved Permanently Server: Server Date: Thu, 11 Nov 2021 21:05:53 GMT Content-Type: text/html Content-Length: 179 Connection: keep-alive Location: https://www.amazon.com/ Permissions-Policy: interest-cohort=() -
Mmm, that error you're seeing in Firefox is a specific firefox error. So what error do you see in other browsers? There are almost certainly some clues there.
Steve
-
@stephenw10 I have tried to duplicate this with firefox turning on https-only, etc. And going to http or https://amazon.com or pfsense.com etc.. all just work fine - with the 301 redirection to www.
Maybe a proxy or ips thing? Proxy maybe doing some sort of https mitm?
-
@jc1976 I suspect DNS is serving incorrect addresses, or possibly some security software is acting as a MITM and is not handling amazon.com's redirect correctly. What's the output if you nslookup amazon.com , then nslookup www.amazon.com ? Is the former IP in a range owned by Amazon (lookup at https://whois.arin.net )?
FWIW, I do not see this problem when enabling HTTPS-only mode in FF (v94.0).
-
Mmm, I could certainly believe DNS shenanigans.
Try just resolving locally, stop sending your queries to Cloudflare.
-
Hey fellas! really, thank you SO much for your input in all this!
the issue also came up on edge and chrome. i only have firefox and edge on my home workstation. I tried it all on my laptop as well and had the same issues.
regarding resolving locally instead of cloudflare, i'm a bit uncertain what you mean by that. DNS settings are:
127.0.0.1
1.1.1.1
1.0.0.1I don't use dnsmasq (forwarder), just unbound.
disabling https: only mode in all windows (under firefox) seems to have things behaving more normally, but again, i don't have ANY services enabled (suricata, pfblocker, squid/clamav). so who knows what will happen if i were to re-enable those.
I also don't have any rules setup, so i don't know what is causing my trading apps to hang upon startup, at least not at the moment because again, anything that would block them has been shut down..
i've even shut down my windows defender firewall to make sure that couldn't be causing the hang-up.. it's all very weird.
Johnpoz mentioned filtering 301 redirection.. i'm gonna do my research and find out how to figure that out because this whole thing feels like a filtering issue, i just don't know how to go about figuring that out (still learning).
i trying to explain to our consultant at work what goes on..
-i opened up firefox to DDG.
-searched for ad blocker test
-given a list of sites to test ad blocks.
one of which i used is "https://canyoublockit.com"clicking on the link for https://canyoublockit.com yields nothing.. the site just doesn't open. clicking multiple times does nothing, it just sits there as if i didn't click on anything. sometimes it would give me the security error... but otherwise nothing happens.. then if i close out and come back, maybe the site would open.. it's random..
-
@jc1976 said in website security problems:
I have cloudflare setup for dns over tls
If you are doing that then you're sending DNS queries to them rather than resolving locally. Assuming it's setup correctly.
What error do you see in Edge? Or any other browser on any other client?
Steve
-
@stephenw10 it's not even the browsers, it's my software.
i have an old crappy cisco rv042 from long ago as a backup.
right now, i have that plugged in because aside from websites not loading, even my trading apps are hanging.i have EVERY service/package shut down so there shouldn't be anything blocking anything, other than the default ruleset that blocks all incoming connections.
I'm going to have to reinstall it all from scratch when i get a chance.
really aggravating. -
Backup your config, restore to defaults, re-test. It's easy to restore the config if it doesn't help.
-
@stephenw10 yup!
i'm happy to say that my GF left for the weekend so performing a ground-up reload of pfsense is what i'll be doing tonight after i get home from work.
I'll keep you posted.
Thanks again for all your input!
-
@jc1976
looks like i'm back in business..gparted the drive and reloaded pfsense from scratch. I've got the base config down, only modifications done are to dns over tls with cloudflare..
so far, so good.. very snappy and the throughput is where it's supposed to be..
did a backup.. not sure if i wanna bother adding packages yet.. it's nice to have it back up and running. just reeeaaaaally despise the ads and marketing from my devices..
