Netgate Discussion Forum

    Remote Config Backup and CSRF

    2.0-RC Snapshot Feedback and Problems - RETIRED

      Boolah

      2.0-BETA4 (amd64)
      built on Fri Nov 12 18:33:07 UTC 2010

      It appears that in recent snapshots, the instructions to remotely back up the config.xml outlined here:

      http://doc.pfsense.org/index.php/Remote_Config_Backup#Pulling_on_2.0

      no longer work.  I suspect this is because of the newly added CSRF, but have not confirmed this.

      wget does indeed store cookies during the login session as indicated by Jim here:

      http://forum.pfsense.org/index.php/topic,29987.msg155754.html#msg155754

      but does not appear to store the CSRF info.  Here is the cookie file generated by wget:

      # HTTP cookie file.
      # Generated by Wget on 2010-11-15 06:21:10.
      # Edit at your own risk.
      
      192.168.168.112 FALSE   /       FALSE   0       PHPSESSID       c7c220f4a2e01e4fd36eb850c6f7e810
      

      Moreover, the second wget command (to actually download the config.xml file) yields a 403:

      --2010-11-15 06:32:29--  http://192.168.168.112/diag_backup.php
      Connecting to 192.168.168.112:80... connected.
      HTTP request sent, awaiting response... 403 Forbidden
      2010-11-15 06:32:29 ERROR 403: Forbidden.
      
      
        sullrich

        Fixed.  Please try the next snapshot.

          Boolah

          2.0-BETA4 (amd64)
          built on Wed Nov 17 00:46:28 UTC 2010

          This still doesn't work for me.  With the above snapshot, I no longer get a 403, but the resulting file that's downloaded is the /index.php file and not the actual config.xml file.

            Boolah

            2.0-BETA4 (amd64)
            built on Sun Nov 21 18:22:57 UTC 2010

            Just in case anyone is having this issue, it appears to now work with a minor modification to the original instructions.

            In the first wget command, replace

            https://192.168.1.1/index.php

            with

            https://192.168.1.1/diag_backup.php

            and it should start working correctly.

              jimp

              I updated the instructions on the wiki with that change.

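Added example (not part of the thread, and not pfSense or wiki code): a cookie jar written by wget records only cookies, so an anti-CSRF token delivered as a hidden form field never appears in it and has to be read from the page body and sent back with the POST. The field name `__csrf_magic` (the csrf-magic library's default) is an assumption here, and the jar, HTML and token values are constructed.

```shell
#!/bin/sh
# Added example: where the session ID and the CSRF token each live.
# All sample values below are constructed.

sample_jar() {   # a wget cookie file like the one in the first post
  printf '# HTTP cookie file.\n\n'
  printf '192.168.1.1\tFALSE\t/\tFALSE\t0\tPHPSESSID\t%s\n' \
    0123456789abcdef0123456789abcdef
}

sample_html() {  # constructed page body; field name is an assumption
cat <<'EOF'
<form action="/diag_backup.php" method="post">
<input type='hidden' name='__csrf_magic' value="sid:0011223344556677,1289802069" />
<input type="submit" value="Download configuration" />
</form>
EOF
}

# Names of the cookies stored in a Netscape-format jar read from stdin.
jar_cookie_names() {
  awk -F '\t' '!/^#/ && NF >= 7 { print $6 }'
}

# Value of the hidden __csrf_magic input in HTML read from stdin
# (either quote style, name attribute before value; first match only).
csrf_token() {
  sed -n "s/.*name=[\"']__csrf_magic[\"'][^>]*value=[\"']\\([^\"']*\\)[\"'].*/\\1/p" |
    head -n 1
}

# Percent-encode every byte of $1 (over-encoding is valid in form data).
urlencode() {
  printf '%s' "$1" | od -An -tx1 | tr -d ' \n' | sed 's/../%&/g'
}

# Append the token from the page on stdin to the POST data in $1.
# Fails instead of sending a request that would be rejected.
with_csrf() {
  token=$(csrf_token)
  [ -n "$token" ] || { echo "no __csrf_magic field found" >&2; return 1; }
  printf '%s&__csrf_magic=%s\n' "$1" "$(urlencode "$token")"
}

echo "cookies in jar: $(sample_jar | jar_cookie_names)"
echo "token in body:  $(sample_html | csrf_token)"
```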