Backup Script Says 403: Forbidden
-
Hi all,
based on this documentation I am trying to perform my regular backups.
I just did cut&paste of the comands noted there (for 2.3.3 and later) but everytime when I run the last command I am getting an 403 error:
root@ucs:~/backup/pfsense# wget --keep-session-cookies --load-cookies cookies.txt --no-check-certificate --post-data "Submit=download&donotbackuprrd=yes&__csrf_magic=$(head -n 1 csrf2.txt)" https://pfsense:60443/diag_backup.php -O config-router-`date +%d%m%Y`.xml --2019-04-08 22:12:05-- https://pfsense:60443/diag_backup.php Auflösen des Hostnamens »pfsense (pfsense)« … 192.168.9.1 Verbindungsaufbau zu pfsense (pfsense)|192.168.9.1|:60443 … verbunden. WARNUNG: Dem Zertifikat von »pfsense« wird nicht vertraut. WARNUNG: Das Zertifikat von »»pfsense«« wurde von einem unbekannten Austeller herausgegeben. HTTP-Anforderung gesendet, auf Antwort wird gewartet … 403 Forbidden 2019-04-08 22:12:05 FEHLER 403: Forbidden.
English translation as far as needed:
WARNING: Certificate is not trusted.
WARNING: Certificate of pfsense is from an unknown issurerAnyone having an idea why I am getting a 403 error?
I am getting an XML File and as far as I see it has content, but is it useable?
Thanks for ideas!
/KNEBB
-
The client you are running wget from is warning you that the https server you're trying to talk to doesn't have a valid cert. You will need to figure out for your client how to import the pfsense certificate and CA so that these warnings stop.
-
@KOM said in Backup Script Says 403: Forbidden:
The client you are running wget from is warning you that the https server you're trying to talk to doesn't have a valid cert. You will need to figure out for your client how to import the pfsense certificate and CA so that these warnings stop.
Sorry, but I do not mind about the warnings. As these are only warnings an not errors I am easily going to ignore them as my pfsense indeed uses self-signed certificates. But this is not the reason for 403 which is a server message while the warnings are a client message.
I am wondering about 403- what part is not accessible and why?
/KNEBB
-
Sorry, I thought the translated English was the error. Perhaps the server sends a 403 if wget does not accept its cert?
Try switching WebGUI to http mode, edit your script accordingly and see if your problem disappears.
-
Sorry but SSL is for sure not the reason. 403 can happen on a non-SSL connection, too.
Must be something else.
/KNEBB
-
Yes, I am aware that 403 are usually for permissions issues, but would it hurt to try my test? Just taking a wild guess. Anything in the logs about your connection attempt?
-
Hi,
your hint regarding the logs was really good. I usually check logs at first but this time I just forgot about it.
I got this:
Apr 8 21:20:53 php-fpm /diag_backup.php: webConfigurator authentication error for user 'admin' from: 192.168.9.10 Apr 8 21:20:53 sshguard 27528 Attack from "192.168.9.10" on service 380 with danger 10.
For better reading I used the backslash to skip the newline sign but then I added spaces to ident which broke up the URL parameters...
In the end it was an escaping error. Instead oflogin=Login&username=admin...
I send
login=Login& username=admin...
Now fixed- thanks for the hint!
/KNEBB
-
Glad to hear you got it working.