Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    NGINX error - iPhone sending request

    Scheduled Pinned Locked Moved General pfSense Questions
    11 Posts 3 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stephenw10S
      stephenw10 Netgate Administrator
      last edited by

      Something running on your iphone is trying to access that page at what it sees as it's public IP address, the pfSense WAN.
      That request is allowed through the firewall by default as it comes from LAN but that page doesn't exist in pfSense so nginx shows that error trying to serve the request.

      The question is why is your iphone doing that?

      Steve

      1 Reply Last reply Reply Quote 0
      • N
        newberger
        last edited by

        Hi Steve - thanks for the reply, that is a helpful explanation. Yes, I am also wondering why it's trying to do that. I'll see if I can narrow down which app is sending the request via trial and error.

        I wonder if an app (or even the phone) is trying to verify some account login information? If I can identify the app, it may clarify what's going on.

        1 Reply Last reply Reply Quote 0
        • T
          tim.mcmanus
          last edited by

          Are you running services on your internal network that are accessible to the internet, like a mail server? If you do not have internal DNS mapping to internal IP addresses, the DNS lookup will return your internet-facing IP address, and that might be causing this situation.

          1 Reply Last reply Reply Quote 1
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Yes, there's a good chance it's that. In which case:

            https://www.netgate.com/docs/pfsense/nat/accessing-port-forwards-from-local-networks.html

            Steve

            1 Reply Last reply Reply Quote 0
            • N
              newberger
              last edited by

              Tim, thanks for the reply, but no, I don't have anything on the internal system that's available to the internet - definitely not running a mail server.

              Steve - I looked at the article and none of my NAT settings are enabled as described in the document. However, I haven't installed anything that would require these changes and this nginx error is fairly new.

              Also the error is listing the IP of the iPhone?

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                You have no portforwards setup?

                What it looks like is you had something running on you internal network that is resolved to your external WAN address, with dyndns maybe. Your phone was connecting to it externally and now it's inside the network it's still trying.

                Steve

                N 1 Reply Last reply Reply Quote 0
                • N
                  newberger @stephenw10
                  last edited by

                  Hi Steve - sorry, I do have two port forwards: one external port forward setup, so I can access a specific device (ISY Home Control device) and one internal port forward (NUT control).

                  However, the iPhone that is sending this request does not have the ISY control app installed.

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by

                    @newberger said in NGINX error - iPhone sending request:

                    /usr/local/www/cgi-bin/authLogin.cgi

                    That looks most likely to be a QNAP login page. Do you have a QNAP device?

                    If not it also appears to be known exploit vector that something may be attempting to use. Maybe spoofing the IP of your iphone.

                    Steve

                    1 Reply Last reply Reply Quote 0
                    • N
                      newberger
                      last edited by

                      Steve - Yes, I do have a QNAP NAS. The phone does backup to the QNAP via the QFile app, but the app was not running when these requests were sent.

                      The requests are only occurring when the phone is in the home, on wifi, so I don't think it's another device spoofing.

                      I didn't see anything in online search results that indicated that this is QNAP-related. However, after your post, when I search online for only "authLogin.cgi", I see the exploit you are describing. I had just run QNAPs malware scanner yesterday (due to a different email) and the NAS showed to be clean.

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        Ok, if your phone is backing up to the QNAP it's likely legitimate traffic rather than something trying to exploit the NAS.
                        However it's running at the wrong time then as it's trying to connect via what the QNAP sees as it's external address and instead hitting the pfSense GUI.
                        It's probably harmless but you could block access to the WAN address on port 443 from the LAN subnet to prevent it.

                        Steve

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.