Lihttpd error after upgrade from 2.0.1 to 2.0.3

mj

hi jimp

the error gets logged exactly every 10 seconds,

i have check the the connections, and nothing or no one is connecting to the firewall on port 80.

i have a port 80 NAT rule setup though?

is there not a way to suppress the message?

thanks

wallabybob

@mj:

i have check the the connections, and nothing or no one is connecting to the firewall on port 80.

I think jimp means the web server is expecting to be accessed by SSL on its configured port BUT someone is accessing it on that port by HTTP. (That is, it is being accessed by http://… instead of https://...)

mj

that is what i understood.

It is still logging the error every 2 seconds.

Nothing that i can find is trying to connect http to the GUI.

Is it possibly a package I installed that is causing this?

wallabybob

@mj:

Nothing that i can find is trying to connect http to the GUI.

How did you look?

@mj:

Is it possibly a package I installed that is causing this?

What packages do you have installed?

Please post a screenshot of GUI parameters as set on System -> Advanced, Admin Access tab.

mj

@wallabybob:

@mj:

Nothing that i can find is trying to connect http to the GUI.

How did you look?

I checked connections under Diagnostics/States to see if there was any connections to the firewall on port 80

@mj:

Is it possibly a package I installed that is causing this?

What packages do you have installed?

Lightsquid

Open-VM-Tools

OpenVPN Client Export Utility

pfBlocker

squid

squidGuard

Please post a screenshot of GUI parameters as set on System -> Advanced, Admin Access tab.

http://imgur.com/Y8n4CnD

thanks

wallabybob

You have the pfSense GUI listening on port 8443 for https. Is that intended?

mj

@wallabybob:

You have the pfSense GUI listening on port 8443 for https. Is that intended?

yes. call me paranoid, but i don't like leaving the GUI on the default port for ssl.
could this be an issue?

mj

After changing the GUI port back to default 443,
the messages stop being logged.

I will leave it on default, seeing that the system log is usable again

thanks for the help!

jimp

That probably didn't solve anything, it hid the actual problem.

Most likely, something like pfBlocker is trying to hit the gui with http://(your ip):8443 in a URL table alias when it should have been https://(your ip):8443

mj

hi

the error is back again!! aargh.

can someone point me in the right direction to trace what is causing this?

thanks

jimp

You'd need to run a packet capture watching for connections to your firewall on port 8443, and see what the source IP of the traffic ends up being there.

mj

@jimp:

You'd need to run a packet capture watching for connections to your firewall on port 8443, and see what the source IP of the traffic ends up being there.

i finally found it was my spiceworks network scanner, that was scanning the pfsense, and causing the error in the logs.