Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Nginx 403 Forbidden from Webgui after 2.3.3 upgrade

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    4 Posts 3 Posters 2.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B Offline
      bitslammer
      last edited by

      I guess I should have checked to see that 2.3.3 was so new before upgrading.

      I'm running an SG-2220 and can't access the webgui after the upgrade. I had to reboot twice just to get traffic passing. I need to make some GeoIP rule changes and can't now that I can't get into the GUI.

      Here's what I've tried so far:

      • Rebooted several times.

      • Tried restarting webgui and PHP several times from the console.

      • Restored several old configs with no luck. I think it's an OS issue and not a config issue so this makes sense.

      If I understand correctly my only option now is to do a clean install from image and restore my last good config I have backed up on the PC. Is that possible to do from a USB stick? I can't get into SSH so I can't transfer anything. It appears to be an authentication issue. If I do need to restore which image do I use?

      This looks like the correct one since my FW has the serial port:

      For a system using a serial console, please use:
        netgate-memstick-serial-2.2.5-RELEASE-amd64.img.gz

      1 Reply Last reply Reply Quote 0
      • jimpJ Offline
        jimp Rebel Alliance Developer Netgate
        last edited by

        Do not use 2.2.x on there, 2.3.3 works fine. For the 2220 you need an image that has "ADI" in the filename. If you have registered your 2220 you should be able to login to portal.pfsense.org to download the current factory firmware.

        Not sure what that particular error you hit might be though, we haven't seen that happen anywhere else yet. "Forbidden" implies that something changed that prevents nginx from reading the files you requested. You mentioned GeoIP, which means what you changed must have been from a package.

        If you still have console access, you might at least try something like this before blowing everything away:

        pkg update -f
pkg upgrade -fa

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • B Offline
          bitslammer
          last edited by

          THANK YOU!

          It worked. I'll remember to grab the ADI image in the future. The README wasn't too clear on that.

          As for the GeoIP change I did that weeks ago and forgot to allow a couple countries that I need. I wasn't able to to that without the GUI.

          I figured there had to be some command to force an update. Yours worked fine with the exception that I did an 'pkg upgrade -f' as 'pkg upgrade -fa' gave and error. I'll remember this command in the future.

          1 Reply Last reply Reply Quote 0
          • F Offline
            FTL_Ian
            last edited by

            For what it's worth, the upgrade to 2.3.3 on my 2440 also broke as the OP described.  Install seemed to go fine through the web admin, but the box never came back up.  Tried power cycling a couple times and eventually after hitting the reset button the internet came back on my computers, however I could not access the web admin and was getting the 403 Forbidden.  I was able to login via SSH and run:

            pkg update -f
            pkg upgrade -f

            That seems to have me back up and running.  That was pretty scary for a while there!  Thanks for the helpful thread.

            I blog regularly at http://FreeKeene.com

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.