Netgate Discussion Forum

    2.4.0-RC (arm) reverting webconfigurator from https to http yields in login loop

      oldunixguy

      Running 2.4.0-RC (arm) on SG-1000.

      For a long time I have been running the web configurator on https port 4443. The "normal" port 443 is port forwarded to a host on the LAN. Note that I also have port 80 forwarded to a host on the LAN.

      I had a functioning SSH login with key access so I could undo the changes that lock me out of the configurator.

      I have tried several methods to change this to something like http on port 88. [Eventually I will reconfigure other settings to prevent reaching this from the WAN and using SSH tunneling to reach the web configurator on http port 88. But not yet.] I want to do this in stages.

      Method 1- I used the web configurator itself. On System->Advanced->Admin Access I changed from https to http port 88 ONLY- no other change. This resulted in painting the web configurator login page http://10.0.0.1:88 but after entering the credentials it would, after a short pause, just repaint the login page.

      Method 2- I used the web configurator. On System->Advanced->Admin Access I changed from https to http and put the port back to 4443- no other change. This resulted in painting the web configurator login page http://10.0.0.1:4443 but after entering the credentials it would, after a short pause, just repaint the login page.

      Method 3- I used the SSH command line interface and Option 2 because documentation stated it would allow reverting back to http for the configurator. I entered the same IP and netmask for the LAN and did not touch the WAN. I selected http. Yet, this too would not work.

      Clearly, there is some other change or changes to make this work. The documentation (and forum posts) are not correct to make this https to http reversion.

      What else do I need to do to make this reversion by using the shell interface (since changes lock me out of the configurator)?

      thanks
      oldunixguy

        jimp Rebel Alliance Developer Netgate

        When HTTPS is enabled, pfSense sets up HSTS. Most likely your browser is attempting to respect this and has cached that.

        Try a different browser or try clearing your cache/history, maybe try a private/incognito browsing mode.

        The real question is why anyone would want to use HTTP these days for GUI access…

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!
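
How a cached HSTS policy behaves, as an added example that is not part of the original posts or of pfSense: a minimal model of the RFC 6797 rules a browser applies, in which a remembered policy upgrades `http://` requests on any port of the same host name until `max-age` runs out, and no policy is recorded for IP-literal hosts. The class and function names are hypothetical, and `now` is a plain number of seconds supplied by the caller.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit

def parse_hsts(header):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, include_sub = None, False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            max_age = int(value.strip().strip('"'))
        elif name.strip().lower() == "includesubdomains":
            include_sub = True
    if max_age is None:
        raise ValueError("max-age directive is required")
    return max_age, include_sub

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

class HstsCache:
    """Minimal model of a browser's Known HSTS Host store (RFC 6797)."""
    def __init__(self):
        self.hosts = {}  # host name -> (expiry time, include_subdomains)

    def note(self, url, header, now):
        parts = urlsplit(url)
        # A policy is only accepted over HTTPS and never for an IP-literal host.
        if parts.scheme != "https" or is_ip(parts.hostname):
            return False
        max_age, include_sub = parse_hsts(header)
        # The key is the host name only (no port); max-age=0 expires at once.
        self.hosts[parts.hostname] = (now + max_age, include_sub)
        return True

    def rewrite(self, url, now):
        """Return the URL the browser would actually request."""
        parts = urlsplit(url)
        if parts.scheme != "http" or is_ip(parts.hostname):
            return url
        labels = parts.hostname.split(".")
        for i in range(len(labels)):
            entry = self.hosts.get(".".join(labels[i:]))
            # A parent domain's policy applies only with includeSubDomains.
            if entry and entry[0] > now and (i == 0 or entry[1]):
                # Port 80 maps to the HTTPS default; other explicit ports are kept.
                netloc = parts.hostname if parts.port in (None, 80) else f"{parts.hostname}:{parts.port}"
                return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
        return url
```

With the constructed host name `fw.example.lan`, after `note("https://fw.example.lan:4443/", "max-age=31536000", now=0)` a call to `rewrite("http://fw.example.lan:88/", now=100)` returns `https://fw.example.lan:88/`, while `http://10.0.0.1:88/` is returned unchanged.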

          Gertjan

          @jimp:

          …
          The real question is why anyone would want to use HTTP these days for GUI access...

          HTTPS you mean?
          That's your fault. The acme packet works too well.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

            jimp Rebel Alliance Developer Netgate

            @Gertjan:

            HTTPS you mean?
            That's your fault. The acme packet works too well.

            Indeed it does work very well, but OP is trying to change from HTTPS to HTTP for some unspecified reason I can't fathom.

              oldunixguy

              Quite simple really. If the only access to the router controls (command line and browser configurator) must go thru an SSH tunnel that itself requires keys with passwords disabled then it is much more secure. Using https over a secure ssh tunnel offers no additional security and consumes more device resources. Here only a single port is open to the outside instead of 2. I support many, many routers with many router OS. Some routers don't have the resources to run https. However, all run SSH with keys which allows a common and secure method to access both command line and browser router controls.
              thanks
              oldunixguy

                jimp Rebel Alliance Developer Netgate

                That is dangerously incorrect. There is more to HTTPS than encryption when used properly.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.