Captive portal login webpage started crashing.



  • Dear All,

    Good day! I have been using the pfSense 2.0 CP feature successfully in an enterprise network for the last 4 years. My users have reached even 400 without any issues. Suddenly these days I am having the following problem:

    • My CP portal login page stops appearing. I have to restart the webconfigurator service using ssh, pressing 11, to restore the login page.
    • I have searched this forum but am unable to find a remedy without upgrading.
    • The lighttpd.error.log displays the following:

    2017-03-03 16:27:30: (server.c.1405) [note] sockets disabled, connection limit reached
    2017-03-03 16:28:33: (server.c.1359) [note] sockets enabled again
    2017-03-03 16:28:33: (mod_fastcgi.c.2699) FastCGI-stderr: ALERT - configured request variable name length limit exceeded - dropped variable '..X..o?@…l..gQl....x.M.}6F.3..|.........;K...i9k7....!.gUl.kJ.;P.S.7.....;......Si..........s..;.o.x.\5e..N.......nH_.Ye../..t...v..8z..|.......p' (attacker '10.200.255.135', file '/usr/local/captiveportal/index.php')
    ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'Y.b
    ..8.9..d....RB.' (attacker '10.200.255.135', file '/usr/local/captiveportal/index.php')
    ALERT - ASCII-NUL chars not allowed within request variables - dropped variable '.5.;R......:?...QR..5.:.P.6.g.{' (attacker '10.200.255.135', file '/usr/local/captiveportal/index.php')
    ALERT - configured request variable name length limit exceeded - dropped variable 'Z..A.....~...pH..V.b.....z....j..$^"@....6.....1!.....<...T@..s...6..7.a' (attacker '10.200.255.135', file '/usr/local/captiveportal/index.php')
    ALERT - configured request variable name length limit exceeded - dropped variable 'z..mV:..U.kJ.w.I.....l.....fj^m8R....pR....WH.M..t....()...~..N.p..X@Y.u..3.........X...4.!...|...............k.m.y7J...t....$`.....e' (attacker '10.200.255.135', file '/usr/local/captiveportal/index.php')
    ALERT - configured request variable name length limit exceeded - dropped variable '<$w3...;..x..F..d.,|.w_V7...G/)..Vtn..b...p"...?...3/...1...d.......y./..-L...,...(..m.V..q%Ir........I..D..i...1................7.
    ...%..G/....W.....[i'….$....Yu....j.)..a...8..xR.N......:.ePk....W.J..v6.Qrk..u.s.....K|(....h.v.l..$.^.f..6...W%. ..z.l'.E..^J...z....F.}..%.xz..;.z}....l..n8/..fQ..../...u.aO..t..d...t.GS' (attacker '10.200.255.135', file '/usr/local/captiveportal/index.php')
    ALERT - configured request variable name length limit exceeded - dropped variable '..._..m.J..J.....rY.3o..9...........(....?...O..M...~.V..NX.p.{r2.JO.....qq".e....e2......' (attacker '10.200.255.135', file '/usr/local/captiveportal/index.php')
    ALERT - ASCII-NUL chars not allowed within request variables - dropped variable '....._c..1..g6'"-.ug' (attacker '10.200.255.135', file '/usr/local/captiveportal/index.php')

    2017-03-03 16:28:33: (request.c.1129) GET/HEAD with content-length -> 400
    2017-03-03 16:28:34: (request.c.1129) GET/HEAD with content-length -> 400
    2017-03-03 16:28:34: (request.c.1129) GET/HEAD with content-length -> 400
    2017-03-03 16:29:04: (server.c.1405) [note] sockets disabled, connection limit reached

    I would appreciate it if anyone could shed some light.
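    An added triage script, not from this post or from pfSense, that turns an excerpt like the one above into numbers a defender can act on. It counts the ALERT entries relayed through FastCGI stderr (the Suhosin PHP-hardening format seen here: reason, dropped variable, source address, script) per source address and per reason, counts the `GET/HEAD with content-length -> 400` rejections, and pairs each `sockets disabled, connection limit reached` note with the following `sockets enabled again` note to measure how long lighttpd was refusing connections. The log lines embedded in the script are constructed to mirror the excerpt's format with shortened placeholder variable names, one of them spanning two lines as in the excerpt; the second address 192.0.2.77 and the `offenders()` threshold are assumptions made for the example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample modelled on the lighttpd.error.log excerpt in the post.
# Variable names are shortened placeholders; the 192.0.2.77 address is made up.
SAMPLE_LOG = """\
2017-03-03 16:27:30: (server.c.1405) [note] sockets disabled, connection limit reached
2017-03-03 16:28:33: (server.c.1359) [note] sockets enabled again
2017-03-03 16:28:33: (mod_fastcgi.c.2699) FastCGI-stderr: ALERT - configured request variable name length limit exceeded - dropped variable '..X..o' (attacker '10.200.255.135', file '/usr/local/captiveportal/index.php')
ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'Y.b
..8.9' (attacker '10.200.255.135', file '/usr/local/captiveportal/index.php')
ALERT - configured request variable name length limit exceeded - dropped variable 'Z..A' (attacker '10.200.255.135', file '/usr/local/captiveportal/index.php')
ALERT - ASCII-NUL chars not allowed within request variables - dropped variable '.5.;R' (attacker '192.0.2.77', file '/usr/local/captiveportal/index.php')
2017-03-03 16:28:33: (request.c.1129) GET/HEAD with content-length -> 400
2017-03-03 16:28:34: (request.c.1129) GET/HEAD with content-length -> 400
2017-03-03 16:29:04: (server.c.1405) [note] sockets disabled, connection limit reached
"""

TS_FMT = "%Y-%m-%d %H:%M:%S"

# Timestamped lighttpd lines: "<ts>: (<source file.line>) <message>".
TS_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): \((?P<src>[^)]+)\) (?P<msg>.*)$",
    re.M,
)

# Suhosin-style alert. re.S lets the dropped variable name span lines, as it
# does when the raw bytes contain newlines.
ALERT_RE = re.compile(
    r"ALERT - (?P<reason>.+?) - dropped variable '(?P<var>.*?)' "
    r"\(attacker '(?P<ip>[^']+)', file '(?P<file>[^']+)'\)",
    re.S,
)


def parse_alerts(text):
    """Return one dict (reason, var, ip, file) per ALERT entry in the log text."""
    return [m.groupdict() for m in ALERT_RE.finditer(text)]


def parse_events(text):
    """Return (datetime, source, message) for every timestamped lighttpd line."""
    return [(datetime.strptime(m["ts"], TS_FMT), m["src"], m["msg"])
            for m in TS_RE.finditer(text)]


def outage_windows(events):
    """Pair each 'sockets disabled' note with the next 'sockets enabled again'.

    Returns (start, end, seconds); a window still open at the end of the
    excerpt is reported as (start, None, None).
    """
    windows, start = [], None
    for ts, _, msg in events:
        if "sockets disabled" in msg and start is None:
            start = ts
        elif "sockets enabled again" in msg and start is not None:
            windows.append((start, ts, int((ts - start).total_seconds())))
            start = None
    if start is not None:
        windows.append((start, None, None))
    return windows


def summarize(text):
    """Aggregate alerts per source address and reason, 400s, and outage windows."""
    alerts = parse_alerts(text)
    events = parse_events(text)
    return {
        "alerts_by_ip": Counter(a["ip"] for a in alerts),
        "alerts_by_reason": Counter(a["reason"] for a in alerts),
        "bad_requests": sum(1 for _, _, msg in events if msg.endswith("-> 400")),
        "outages": outage_windows(events),
    }


def offenders(summary, threshold=3):
    """Addresses with at least `threshold` dropped-variable alerts (threshold is an assumed value)."""
    return sorted(ip for ip, n in summary["alerts_by_ip"].items() if n >= threshold)


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for key in ("alerts_by_ip", "alerts_by_reason", "bad_requests", "outages"):
        print(f"{key}: {s[key]}")
    print("offenders:", offenders(s))
```

    Run over the real lighttpd.error.log, the per-address counts show whether the malformed requests come from a single client, and the outage windows show whether the connection-limit notes line up with those bursts; that is the evidence to look at before deciding whether the cause is one misbehaving client on the portal or the web server's connection limit itself.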



  • Quite a few days and no answer.

    Anyone?



  • Hi,

    You might have an issue …. but "they" (pfSense development) said to us: update/upgrade, don't keep old versions around. Better versions are available. It's far too difficult to auto-support old versions ....
    So, your second issue would be: hoping to find someone that still runs YOUR (ancient) 2.0 version, AND has the same issue.
    The problem is ...... well, you get the picture  ;)

    When you use 2.3.3-RELEASE-p1 (latest from March 9, last week) you could have issues, but at least someone would know about it right away.



  • @Gertjan:

    Hi,

    You might have an issue …. but "they" (pfSense development) said to us: update/upgrade, don't keep old versions around. Better versions are available. It's far too difficult to auto-support old versions ....
    So, your second issue would be: hoping to find someone that still runs YOUR (ancient) 2.0 version, AND has the same issue.
    The problem is ...... well, you get the picture  ;)

    When you use 2.3.3-RELEASE-p1 (latest from March 9, last week) you could have issues, but at least someone would know about it right away.

    Thanks for replying;

    Upgrading is one of the obvious options, but you cannot upgrade every now and then in an enterprise. Especially if you have made some changes like a manual logout page etc.

    Secondly, support is always given based on past experience. What would one do if you upgrade to the latest and face an issue no one has faced till now?

    Regards.


  • Banned

    So you think running a completely unsupported firewall version with lots of vulnerabilities is a good enterprise practice?  :o



  • @khmasood:

    Upgrading is one of the obvious options, but you cannot upgrade every now and then in an enterprise.
    Severe security issues in the kernel were found. Keeping it isn't a good idea.

    @khmasood:

    Especially if you have made some changes like a manual logout page etc.

    99 % of a 'user's' changes can be applied right away if needed. And you should be comfortable with that; otherwise the idea of patching wasn't a good idea in the first place.

    @khmasood:

    Secondly, support is always given based on past experience. What would one do if you upgrade to the latest and face an issue no one has faced till now?

    Check out this forum. The latest version works great. In case of doubt, just wait a couple of days before hitting the upgrade button.
    Support is given, like Microsoft still somehow supports Windows XP …. ;) Please understand that NO-ONE uses his memory to support software. If you have a question, we use our own install to look up / test your question, and answer afterwards.
    Only experts keep / use old software versions - on the other hand, experts don't ask questions - and experts don't keep old versions ….. (they don't have time for that).


  • Rebel Alliance Developer Netgate

    2.0.x is far too old to expect anyone to assist in diagnosing. Even if you were on the latest 2.0.x release, that's still 3.5+ years out of date.

    I seem to recall a similar problem back then that was fixed, also a long time ago. I didn't see any specific references in any of the release notes, though.

    From 2.3.x on it's even a completely different web server running captive portal connectivity (nginx now; it was lighttpd back then).

    The best path forward is to upgrade.