XG-7100 appliance HTTP_REFERER issue when changing LAN IP in webGUI



  • I'm seeing a similar issue to the bug reported in the setup wizard here: https://redmine.pfsense.org/issues/8524

    I tried not changing my LAN IP in the setup wizard in order to reach the end of the setup wizard which I did. However, I then tried changing the LAN IP in the webGUI and got the same error. The system continued to respond @ the default IP (192.168.1.1) and when I checked the console I got a conflicting view of the state of affairs:

    Welcome to pfSense 2.4.3-RELEASE-p1 (amd64) on pfSense ***
    WAN (wan) -> lagg0.4090 -> v4: x.x.x.x/29
    LAN (lan) -> lagg0.4091 -> v4: 10.x.x.1/24
    OPT1 (opt1) -> ix0 ->
    OPT2 (opt2) -> ix1 ->

    lagg0.4091: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    ether 00:08:xx:xx:xx:xx
    inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
    inet6 fe80::1:1%lagg0.4091 prefixlen 64 scopeid 0x15
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect
    status: active
    vlan: 4091 vlanpcp: 0 parent interface: lagg0
    groups: vlan

    I've done this several times following factory default resets as well as a full system re-image using pfSense-netgate-memstick-XG-7100-2.4.3-RELEASE-p1-amd64.img.gz and it happens every time. The error on the webGUI is:

    An HTTP_REFERER was detected other than what is defined in System -> Advanced (https://192.168.1.1/index.php?logout). If not needed, this check can be disabled in System -> Advanced -> Admin.



  • It's been a while but I think I ran into something like this when I didn't restart after changing the LAN IP.



  • For sure restarting the system after changing the LAN IP sorts things out ... but it doesn't seem right that changing the LAN IP puts things into this inconsistent state that throws errors where you'd have to get on the console to even restart since the webUI stops working. The bug about this in the wizard seems to have been fixed in 2.4.4 but they recommended I start by posting here for discussion/verification before calling it a bug.


  • Rebel Alliance Developer Netgate

    Can you write out the exact procedure to reproduce it? The pages you were on, the values changed, buttons clicks, etc.



  • @jimp said in XG-7100 appliance HTTP_REFERER issue when changing LAN IP in webGUI:

    Can you write out the exact procedure to reproduce it? The pages you were on, the values changed, buttons clicks, etc.

    It's been months, and unfortunately I don't have one to play with right now, but I'm pretty sure I just went to Interfaces/LAN, changed the LAN IP, and didn't immediately restart. I can't remember if this was on an old PC, or an SG-3100, or possibly both. I know it wasn't an XG-7100 though. I just didn't give it a lot of thought at the time...mostly "oh that was dumb I should have restarted."

    I suppose a workaround is to set the old and new IPs as HTTP_REFERER values before changing the IP.


  • Rebel Alliance Developer Netgate

    @teamits said in XG-7100 appliance HTTP_REFERER issue when changing LAN IP in webGUI:

    @jimp said in XG-7100 appliance HTTP_REFERER issue when changing LAN IP in webGUI:

    Can you write out the exact procedure to reproduce it? The pages you were on, the values changed, buttons clicks, etc.

    It's been months, and unfortunately I don't have one to play with right now, but I'm pretty sure I just went to Interfaces/LAN, changed the LAN IP, and didn't immediately restart. I can't remember if this was on an old PC, or an SG-3100, or possibly both. I know it wasn't an XG-7100 though. I just didn't give it a lot of thought at the time...mostly "oh that was dumb I should have restarted."

    I can't seem to make that happen on my 3100 here but I was able to make the wizard issue happen when that was a problem.

    I suppose a workaround is to set the old and new IPs as HTTP_REFERER values before changing the IP.

    That's essentially what the wizard does, if you change the address it temporarily adds the old address to the allowed referring URL list and then when the wizard completes and applies settings it takes it out. Something similar could probably be done for this method as well but I need to know how to reproduce it more reliably first.

    I have a 7100 landing here tomorrow I can try it on but I'll be busy with the hangout so I probably can't look into it deeper until next week.



  • Understood. Next one we set up I'll try to break it. I just remember stumbling into it.



  • Here are the steps I took (just re-ran to re-confirm):

    • Reset unit to factory defaults
    • Access WebGUI @ https://192.168.1.1
    • Complete the setup wizard, but do not change the LAN IP at this time. I set a static WAN IP out of habit, but I'm not sure this needs to be done
    • Once you reach step 9 and it finishes you will be back in the WebGUI at the same/default IP address
    • Now access the WebGUI and change the LAN IP by doing the following:
      - select interfaces
      - select LAN
      - change only the static IPv4 address from 192.168.1.1 to something else (I used 10.1.1.1)
      - click save

    You will get the red error page that says "An HTTP_REFERER was detected other than what is defined in System -> Advanced (https://192.168.1.1/index.php?logout). If not needed, this check can be disabled in System -> Advanced -> Admin." and the only way to fix it is to get on the console and/or reboot



  • That's pretty much all I remember doing. :)


  • Rebel Alliance Developer Netgate

    I was finally able to reproduce this, turns out that for whatever reason the interfaces.php page wouldn't give me the error but if I went away to something else like DHCP settings then it failed.

    I opened https://redmine.pfsense.org/issues/8822 for this and just pushed a fix that corrected it for me.