Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Webconfigurator - Access restrictions apply?

    webGUI
    webconfigurator http https
    3
    5
    1.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • U
      udippel
      last edited by

      I'm kind of stunned, since I enable https in the Webconfigurator, under advanced. PLUS, disable http at that same location.
      However, the system constantly offers me both, and I can administrate our pfsense easily through an hhtp-connection, and nmap offers an open http-port just as well.
      2.4.3_1, by the way.

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by Gertjan

        Metoo !

        But the other way around.
        I can't enter the GUI using http://pfsense.my-local.net:80 (that is, I'm redirected to https:// and all is well) - entering the GUI using http://192.168.1.1:80 and my browser yells about Certificate not ok etc etc - which is perfectly normal.

        These are your settings :
        0_1536064624406_3666f621-5eee-40cb-8dd4-d1c7825b0df1-image.png
        ?
        (except for the certicate - an V2 from Letsencrypt/acme)

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • MikeV7896M
          MikeV7896
          last edited by

          If you enable SSL, port 80 remains open to redirect to 443. There’s an option to disable the redirect if you prefer, also on the Advanced settings page.

          As far as using IP address vs host name and getting a security error, this happens when the certificate doesn’t have the LAN IP address(es) as part of the SAN (server alternate name) field when the certificate is generated. However, I don’t think it’s possible to use an RFC 1918 address as a SAN with ACME because there’s no way for the system to verify a private network host from the internet.

          The S in IOT stands for Security

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan
            last edited by

            @virgiliomi : exact - thanks for detailing that one.

            @udippel : You could consider the "who cares setup" : Leave the LAN interface only for for administration devices, like your PC - and you.
            All other people, guest, pests, etc : on OPtx.
            Or/and : re-enforce with your interfaces with firewall rules.

            Also : goto console access and hit option 11. Does that settle things out ? Because me, whatever I try on port "80" on pfSense, I'm thrown to https:// right away - and I'm not running other web services on pfSense anyway.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • U
              udippel
              last edited by

              Okey-dokey.

              Though here it reads:
              "Wenn nicht aktiviert, wird Port 80 automatisch auf den HTTPS Port weitergeleitet. Aktivieren, um die automatische Weiterleitung zu deaktivieren." which sounds to me, the native German speaker, the other way round.

              Thanks to all who answered, I think I understand the behaviour.
              And yet, I can't really see the point of this behaviour, to me at least it is unexpected. Not?

              Thanks again,

              Uwe

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.