Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    501 Potential DNS Rebind Attack after Installing Squid3

    Scheduled Pinned Locked Moved
    General pfSense Questions
    2
    4
    1.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kiekar
      last edited by

      Hello,

      I installed Squid3 version 3.1.20 pkg 2.1.2 in order to use the caching and reverse proxy capabilities. Currently I have NAT Reflection enabled (Pure NAT) in order for me to connect internally through my LAN interface to my websites residing at my DMZ interface.

      After installing Squid3, I am now receiving a Potential DNS Rebind Attack Detected on my browser when connecting to one of the website. I tried a view different configuration changes but still receive the error. I disabled NAT Reflection, added my 1:1 subnet to the proxy server (Bypass proxy for these destinations IPs) e.g. Public Address 216.xxx.xx.xx;Private Address 172.16.0.2.

      Are there any other configuration changes I can try to not receive the error? Your help would be much appreciated.

      Thanks

      1 Reply Last reply Reply Quote 0
      • K
        kiekar
        last edited by

        Anyone out there can help me out. Still not able to view webpages residing on my web server at my DMZ interface.

        1 Reply Last reply Reply Quote 0
        • KOMK
          KOM
          last edited by

          You get that error if you try to access the pfSense box a name other than its hostname.  Did you search these forums and Google for 'pfsense DNS rebind attack'?  From DNS Rebinding Protections:

          _For those not using the DNS forwarder, and as an additional layer of checks, the web interface will block attempts to access it via an unknown hostname. It will display "Potential DNS Rebind Attack Detected" and drop any request. By default, only the hostname and domain configured under System>General Setup are accepted. For instance if firewall.example.com is configured as the system's hostname, and it is loaded in a browser using fw1.example.com, that attempt will be rejected. Additional hostnames can be added under System>Advanced, "Alternate Hostnames".

          Logging in using the IP address of the system rather than the hostname does work if this message is encountered when attempting to load by hostname. Once access has been obtained, configure the hostname(s) accordingly and then it is possible to log in using the desired hostname.

          If this message is encountered when a client attempted to access a forwarded service (Port forward, 1:1 NAT, relayd, etc) it indicates that the request did not match any NAT rules. From the inside of the network, this would require NAT reflection or split DNS to accomplish. See Why can't I access forwarded ports on my WAN IP from my LAN/OPTx networks for more details._

          1 Reply Last reply Reply Quote 0
          • K
            kiekar
            last edited by

            Thanks for pointing me in the right direction. I was able to access my website using Host Overrides at the General DNS Forwarder Options.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.