Lihttpd error after upgrade from 2.0.1 to 2.0.3

mj · May 23, 2013, 6:14 AM

hi pfsense dudes

i am getting the following error in the system log, every 10 seconds, after upgrading from 2.0.1 to 2.0.3

lighttpd[29006]: (connections.c.305) SSL: 1 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

after googling and searching I have not been able to find anyone with the same issue,

Does anyone know what this is?

thanks

jimp · May 23, 2013, 12:20 PM

Someone/something is attempting to connect to your firewall's GUI port with HTTP when it should be using HTTPS.

mj · May 24, 2013, 6:43 AM

hi jimp

the error gets logged exactly every 10 seconds,

i have check the the connections, and nothing or no one is connecting to the firewall on port 80.

i have a port 80 NAT rule setup though?

is there not a way to suppress the message?

thanks

wallabybob · May 24, 2013, 11:09 PM

@mj:

i have check the the connections, and nothing or no one is connecting to the firewall on port 80.

I think jimp means the web server is expecting to be accessed by SSL on its configured port BUT someone is accessing it on that port by HTTP. (That is, it is being accessed by http://… instead of https://...)

mj · May 28, 2013, 7:34 AM

that is what i understood.

It is still logging the error every 2 seconds.

Nothing that i can find is trying to connect http to the GUI.

Is it possibly a package I installed that is causing this?

wallabybob · May 28, 2013, 9:09 AM

@mj:

Nothing that i can find is trying to connect http to the GUI.

How did you look?

@mj:

Is it possibly a package I installed that is causing this?

What packages do you have installed?

Please post a screenshot of GUI parameters as set on System -> Advanced, Admin Access tab.

mj · May 28, 2013, 9:31 AM

@wallabybob:

@mj:

Nothing that i can find is trying to connect http to the GUI.

How did you look?

I checked connections under Diagnostics/States to see if there was any connections to the firewall on port 80

@mj:

Is it possibly a package I installed that is causing this?

What packages do you have installed?

Lightsquid

Open-VM-Tools

OpenVPN Client Export Utility

pfBlocker

squid

squidGuard

Please post a screenshot of GUI parameters as set on System -> Advanced, Admin Access tab.

http://imgur.com/Y8n4CnD

thanks

wallabybob · May 28, 2013, 10:42 AM

You have the pfSense GUI listening on port 8443 for https. Is that intended?

mj · May 28, 2013, 11:05 AM

@wallabybob:

You have the pfSense GUI listening on port 8443 for https. Is that intended?

yes. call me paranoid, but i don't like leaving the GUI on the default port for ssl.
could this be an issue?

mj · May 28, 2013, 11:46 AM

After changing the GUI port back to default 443,
the messages stop being logged.

I will leave it on default, seeing that the system log is usable again

thanks for the help!

jimp · May 28, 2013, 11:57 AM

That probably didn't solve anything, it hid the actual problem.

Most likely, something like pfBlocker is trying to hit the gui with http://(your ip):8443 in a URL table alias when it should have been https://(your ip):8443

mj · Jun 5, 2013, 6:50 AM

hi

the error is back again!! aargh.

can someone point me in the right direction to trace what is causing this?

thanks

jimp · Jun 5, 2013, 3:05 PM

You'd need to run a packet capture watching for connections to your firewall on port 8443, and see what the source IP of the traffic ends up being there.

mj · Aug 5, 2013, 5:22 AM

@jimp:

You'd need to run a packet capture watching for connections to your firewall on port 8443, and see what the source IP of the traffic ends up being there.

i finally found it was my spiceworks network scanner, that was scanning the pfsense, and causing the error in the logs.