[solved] Changed Admin Access to HTTP and couldn't login anymore
-
This might or might not be related to the beta, so sorry if it isn't, but I only have betas right now.
I changed Admin Access to HTTP and couldn't log in anymore. It would say something like the browser needs to accept cookies or similar. I tested with two different browsers.
What was really disturbing to me: there was no config backup in the config history about that change of mine. I had to revert to a backup image from this morning.
Now, is there a reason for not having a config backup about this? Truth is, I disabled all safeguards about logging in before, still...
-
The cookie is likely being rejected since a secure one already exists. Clear cookies or try it in a private window.
-
@marcosm So it is a non-issue and doesn't deserve a config change. I don't want to retest this because of reasons and can't say for sure if all cookies were deleted beforehand. Maybe I will retry tomorrow.
-
It's usually either HSTS or cookies. I did reproduce it here and can see in the browser console:
Cookie “PHPSESSID” has been rejected because there is an existing “secure” cookie.
-
@marcosm If HSTS is enabled in pfSense and later I switch back to HTTP... I have a problem. Maybe there should be a check in place and HSTS should be disabled by pfSense if one is changing to HTTP. And a config backup would help in this case. Just a thought.
I hope I learned my lesson for now.
-
Maybe, though personally I wouldn't want to make it any easier to use unencrypted traffic in 2024
-
@Bob-Dig said in [solved] Changed Admin Access to HTTP and couldn't login anymore:
@marcosm If HSTS is enabled in pfSense and later I switch back to HTTP... I have a problem. Maybe there should be a check in place and HSTS should be disabled by pfSense if one is changing to HTTP. And a config backup would help in this case. Just a thought.
I hope I learned my lesson for now.

pfSense doesn't send HSTS info when you set the GUI to HTTP, but your browser caches the previous value and will refuse to connect (rightfully so!). Nothing the server can do about that, you have to manually clear it. Both Chrome and Firefox have methods of clearing that, others likely do as well.
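An added diagnostic, not from this thread or from pfSense itself: given the response headers a browser stored while the GUI was still on HTTPS (a constructed sample below, not a real capture), it reports the two things marcosm and jimp describe, the cached HSTS max-age and the already-stored Secure PHPSESSID cookie, that make a plain-HTTP login fail. The header names are standard; the sample values are made up.

```python
import re
from http.cookies import SimpleCookie

# Constructed sample (not a real capture): the headers a browser would have
# stored from the pfSense GUI while it was still served over HTTPS.
SAMPLE_HTTPS_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/; secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Split a raw HTTP response into (lowercased-name, value) pairs."""
    pairs = []
    for line in raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:  # skip status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def hsts_max_age(headers):
    """max-age from Strict-Transport-Security, or None if the header is absent."""
    for name, value in headers:
        if name == "strict-transport-security":
            match = re.search(r"max-age=(\d+)", value, re.IGNORECASE)
            if match:
                return int(match.group(1))
    return None

def secure_cookies(headers):
    """Names of cookies that were set with the Secure attribute."""
    names = set()
    for name, value in headers:
        if name == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            names.update(k for k, morsel in jar.items() if morsel["secure"])
    return names

def http_login_blockers(headers, session_cookie="PHPSESSID"):
    """Explain what will stop plain-HTTP logins once the GUI is switched to HTTP."""
    blockers = []
    age = hsts_max_age(headers)
    if age:
        blockers.append(f"HSTS cached for {age} s: the browser will force https://")
    if session_cookie in secure_cookies(headers):
        blockers.append(f"Secure {session_cookie} cookie stored: the HTTP one is rejected")
    return blockers
```

Run it against the headers your own browser last saw from the GUI (e.g. copied from the developer tools) before switching; an empty list means neither cause applies.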
-
@jimp I felt brave, this time with MIM enabled. And you were right. I managed to log in with Chromium, after clearing some saved information. With FF I had no luck so far, but now I had two ways to access pfSense and re-enable HTTPS. Thank you.