• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Nginx 403 Forbidden from Webgui after 2.3.3 upgrade

Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
4 Posts 3 Posters 3.0k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • B Offline
    bitslammer
    last edited by Feb 24, 2017, 12:01 PM

    I guess I should have checked to see that 2.3.3 was so new before upgrading.

    I'm running an SG-2220 and can't access the webgui after the upgrade. I had to reboot twice just to get traffic passing. I need to make some GeoIP rule changes and can't now that I can't get into the GUI.

    Here's what I've tried so far:

    • Rebooted several times.

    • Tried restarting webgui and PHP several times from the console.

    • Restored several old configs with no luck. I think it's an OS issue and not a config issue so this makes sense.

    If I understand correctly my only option now is to do a clean install from image and restore my last good config I have backed up on the PC. Is that possible to do from a USB stick? I can't get into SSH so I can't transfer anything. It appears to be an authentication issue. If I do need to restore which image do I use?

    This looks like the correct one since my FW has the serial port:

    For a system using a serial console, please use:
      netgate-memstick-serial-2.2.5-RELEASE-amd64.img.gz

    1 Reply Last reply Reply Quote 0
    • J Offline
      jimp Rebel Alliance Developer Netgate
      last edited by Feb 24, 2017, 2:05 PM

      Do not use 2.2.x on there, 2.3.3 works fine. For the 2220 you need an image that has "ADI" in the filename. If you have registered your 2220 you should be able to login to portal.pfsense.org to download the current factory firmware.

      Not sure what that particular error you hit might be though, we haven't seen that happen anywhere else yet. "Forbidden" implies that something changed that prevents nginx from reading the files you requested. You mentioned GeoIP, which means what you changed must have been from a package.

      If you still have console access, you might at least try something like this before blowing everything away:

      pkg update -f
      pkg upgrade -fa
      
      

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      1 Reply Last reply Reply Quote 0
      • B Offline
        bitslammer
        last edited by Feb 24, 2017, 8:10 PM

        THANK YOU!

        It worked. I'll remember to grab the ADI image in the future. The README wasn't too clear on that.

        As for the GeoIP change I did that weeks ago and forgot to allow a couple countries that I need. I wasn't able to to that without the GUI.

        I figured there had to be some command to force an update. Yours worked fine with the exception that I did an 'pkg upgrade -f' as 'pkg upgrade -fa' gave and error. I'll remember this command in the future.

        1 Reply Last reply Reply Quote 0
        • F Offline
          FTL_Ian
          last edited by Mar 20, 2017, 5:14 AM

          For what it's worth, the upgrade to 2.3.3 on my 2440 also broke as the OP described.  Install seemed to go fine through the web admin, but the box never came back up.  Tried power cycling a couple times and eventually after hitting the reset button the internet came back on my computers, however I could not access the web admin and was getting the 403 Forbidden.  I was able to login via SSH and run:

          pkg update -f
          pkg upgrade -f

          That seems to have me back up and running.  That was pretty scary for a while there!  Thanks for the helpful thread.

          I blog regularly at http://FreeKeene.com

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received