Netgate Discussion Forum

CSRF Check Failed on Login with no internet

  • N
    Niquest
    last edited by Oct 12, 2018, 5:41 PM

    I've got my pfsense box set up with a static WAN IP and DNS servers. I'm on pfSense 2.4.4. I have my webGUI set to use SSL. When my internet goes down, or if I unplug the modem from the router, and then I try to log into the webGUI, I get a CSRF Check failed error. I can consistently re-create this issue, and I've tried it on 3 different computers, with Firefox, Chrome, and IE; both before and after clearing the cache. As soon as the internet is restored, it starts working again. While the internet is disconnected, I can still log in via SSH, and from there, it shows my webGUI logins are succeeding. The only fix I've found is to disable SSL on the webGUI interface, which I'd really rather not do.

    Has anyone else run into this?
    Can anyone point me in the right direction?

    A few other notes about my setup:
    I'm using the DNS resolver, with DNSSEC enabled. DNS over SSL is NOT enabled.
    I have 2 LANs on 2 separate NICs, different subnets, totally isolated from each other. Only one of them has access to the webGUI.
    I have a single openVPN server set up for outside access.

    • E
      Erutan409
      last edited by Oct 31, 2018, 1:43 AM

      Yes, I just encountered this issue. I even went as far as cloning the 2.4.4 repo branch to see if I could track down what the main page is trying to call to when it's loading. I figure it's either some kind of call-home or checking for the latest version; even though it looks like it's an asynchronous request being made when I click the refresh button. Would love to get confirmation and/or clarification on that from a dev who works on the interface.

      Something I'd suggest in the meantime, though (and why I came to the aforementioned conclusion):

      After logging in, try opening another tab to some URL that isn't the homepage. Those loaded just as fast as they usually would in normal circumstances. It's got to be some external resource(s) being called to on that main page that are hanging it up because they can't resolve.

      • J
        jimp Rebel Alliance Developer Netgate
        last edited by Oct 31, 2018, 2:39 PM

        Only time I've seen a CSRF check fail is due to the clock. The CSRF tokens are only valid for a couple hours. If you load the login page and don't refresh, but don't login until hours later, then it fails. Similarly, if you load the login page and the firewall clock gets updated via NTP so it jumps ahead more than the time CSRF tokens are valid, it also fails.

        I don't see how it would happen when offline, however. Not unless something else is causing a huge skew in your system clock.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!
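
Added example, not part of any post in this thread and not pfSense's own code: a time-bound CSRF token check showing the two failures described in the post above, a stale login page and a forward clock step between page load and submit. The HMAC token format, the 2-hour lifetime (standing in for "a couple hours"), and all names and values are assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # constructed value, not a real key
TOKEN_LIFETIME = 2 * 60 * 60       # assumption: "a couple hours" taken as 2 h


def issue_token(session_id: str, server_now: int) -> str:
    """Bind the token to the session and to the server clock at page load."""
    msg = f"{session_id}|{server_now}".encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return f"{server_now}:{mac}"


def check_token(token: str, session_id: str, server_now: int) -> str:
    """Return 'ok' or the reason the check fails."""
    issued_str, sep, mac = token.partition(":")
    if not sep or not issued_str.isdecimal():
        return "malformed"
    msg = f"{session_id}|{issued_str}".encode()
    expected = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "bad-mac"
    # Age is measured on the server clock, so a clock step counts as age.
    if server_now - int(issued_str) > TOKEN_LIFETIME:
        return "expired"
    return "ok"


def scenarios() -> dict:
    sid = "sess-1234"              # constructed session id
    t0 = 1_540_000_000             # constructed server clock at page load
    token = issue_token(sid, t0)
    return {
        # Submitted 30 s after the login page was loaded.
        "prompt_login": check_token(token, sid, t0 + 30),
        # Page left open for three hours before submitting.
        "stale_page": check_token(token, sid, t0 + 3 * 3600),
        # User waits only 30 s, but NTP steps the clock forward 3 h meanwhile.
        "ntp_step": check_token(token, sid, t0 + 30 + 3 * 3600),
        # Same token presented under a different session.
        "other_session": check_token(token, "sess-9999", t0 + 30),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

From the server's point of view the stale page and the clock step are indistinguishable: both arrive as a token older than its lifetime, so checking the firewall clock history is the way to tell them apart.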

        • E
          Erutan409
          last edited by Oct 31, 2018, 4:57 PM

          My system clock was running just fine from what I can remember.

          • N
            Niquest
            last edited by Nov 1, 2018, 8:35 PM

            I know that both the system clock I was logging into from and the pfsense clock were correct BEFORE I disconnected the WAN side, but I didn't check the PFsense clock while disconnected. I know it was correct after I reconnected the WAN side, but I'm using NTP to keep the pfsense clock up to date. I'll test that later and see what I come up with, but I see no reason it would have changed

            • X
              Ximulate @Niquest
              last edited by Oct 19, 2019, 12:58 PM

              Curious if there was a resolution to this? This happens to me also.

              • Y
                yaminb
                last edited by Feb 3, 2020, 2:21 PM

                I've seen this issue as well. I haven't tried to seek the cause as generally I just retry a few times and it works. Just from anecdotal evidence, it seems to happen more from my smartphone than from my desktop.

                • J
                  jimp Rebel Alliance Developer Netgate
                  last edited by Feb 3, 2020, 8:01 PM

                  Since this thread was last updated, I found a more common way to reproduce the problem: https://redmine.pfsense.org/issues/9855

                  But that's the only way I've been able to trigger it at login. Maybe if you don't have an internet connection and it takes a while for the page to load, you clicked it twice and hit that problem.

                  • X
                    Ximulate
                    last edited by Feb 4, 2020, 10:40 PM

                    I still get this error often when offline, so thank you for checking into this. While I'm not yet convinced this only happens when you click twice, I can confirm that clicking twice does cause the error. Moving forward, I will know to pay attention to that when logging in.

                    Is there a way to speed up the page load when offline? I've already disabled check for updates.

                    • B
                      bgroper
                      last edited by May 7, 2020, 11:23 PM

                      I've just seen this error today. Internet is all connected. Maybe a clock issue. Dunno.

                      CSRF check failed

                      Missing or expired CSRF token
                      Form session may have expired, cookies may not be enabled, or possible CSRF-based attack.
                      Resubmitting this request may put the firewall at risk or lead to unintended behavior.

                      I'm not a complete idiot. There's still a few pieces missing.

                      • B
                        bigjohns97
                        last edited by Aug 12, 2020, 12:59 PM

                        I am getting this error quite often, almost every time I login now and I do not have internet issues.

                        • D
                          dma_pf
                          last edited by Aug 20, 2020, 12:43 PM

                          This also happens to me almost every time I use the GUI. This has been happening for months.

                          In my case I am always logged into pfsense from a laptop connected by ethernet cable to the LAN. The WAN has always been up at the time that it happens.

                          Currently I'm using Firefox 79.0 64 bit, but this has happened on earlier versions as well. It seems to be more of a prominent issue if I have several tabs open in the browser with different pfsense GUI pages open. I am logging into the GUI by HTTPS (not HTTP) and I have imported the GUI certificate in pfsense into the certificate manager in Firefox.

                          I'm not sure if this is a related issue or not, but I am also having issues with timeouts in the GUI which I posted about here: https://forum.netgate.com/topic/156131/gui-timeout

                          I'm running pfsense version 2.4.4-RELEASE-p3 (amd64). Just ask me if there's anything I can do to help troubleshoot this issue further. I'm happy to help!

                          • B
                            bigjohns97
                            last edited by Aug 20, 2020, 12:48 PM

                            I updated to 2.5.x yesterday trying to fix this issue and it did not fix it so it has nothing to do with the internet being down or being able to resolve ews.netgate.com

                            • J
                              jimp Rebel Alliance Developer Netgate
                              last edited by Aug 20, 2020, 12:52 PM

                              As I mentioned before the only way I can reproduce this is to double click the "Sign In" button on the login page. So before anything else, make sure you are not double clicking / double tapping that button.

                              • B
                                bigjohns97 @jimp
                                last edited by Aug 20, 2020, 12:54 PM

                                @jimp When I just click once it just sits and spins and never shows the GUI, checking logs it does show successful login (twice when I click it the second time)

                                • J
                                  jimp Rebel Alliance Developer Netgate
                                  last edited by Aug 20, 2020, 12:57 PM

                                  I haven't seen that happen before but next time it does, try refreshing the page but not resubmitting the form. (Or navigate away from the firewall and back).

                                  Also are you using local auth or a server like LDAP or RADIUS for GUI authentication?

                                  • B
                                    bigjohns97 @jimp
                                    last edited by Aug 20, 2020, 12:58 PM

                                    @jimp Local auth, if I hit f5 the form is cleared and the loading of the page stops.

                                    • B
                                      bigjohns97
                                      last edited by bigjohns97 Aug 20, 2020, 1:03 PM Aug 20, 2020, 12:59 PM

                                      BTW I forgot to mention this only happens with Chrome, and it does happen after clearing cache and in incognito.

                                      • JeGrJ
                                        JeGr LAYER 8 Moderator @bigjohns97
                                        last edited by JeGr Aug 20, 2020, 1:07 PM Aug 20, 2020, 1:04 PM

                                        @bigjohns97 said in CSRF Check Failed on Login with no internet:

                                        @jimp When I just click once it just sits and spins and never shows the GUI, checking logs it does show successful login (twice when I click it the second time)

                                        I had that phenomenon with an older chrome version. Never had that effect with edgium, chromium or other browsers though but I'm guessing it was somewhat related to blocking referrer, cookies or scripts. After login it just "loaded endlessly" and if you clicked the URL bar and hit enter you were immediately logged in on the dashboard (that's why I was guessing it had something to do with the browser not getting the redirection/rewrite properly after logging in). But that's completely browser related and no failure of CSRF or the pfSense login page IMHO.

                                        Another interesting fact: another chrome profile with no extensions and "blank" didn't have that problem, it was only the one profile I used for work, with my private one I had no redirection/login issue. Perhaps that's something @bigjohns97 can test: create a new fresh clean chrome profile, switch to it, don't have any extensions etc. loaded and just try default chrome settings and try logging in. Perhaps it's something with your profile like mine.

                                        Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

                                        If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                                        • B
                                          bigjohns97 @JeGr
                                          last edited by Aug 20, 2020, 1:10 PM

                                          @JeGr This is very interesting, clicking the address bar and then hitting f5 does login immediately, just hitting f5 doesn't do anything but clear the forum.

                                          Doing incognito produces the same result which is what a new profile would produce as well, I do have it set to not load add-ins on incognito.
