Changed HTTPS to HTTP, now can't log in to Web UI
-
@larrym04
So log in via SSH. There is an option to revert to former config settings. 15 in the menu, as far as I can remember. Next time when making changes be a bit more careful.
-
Please describe "can't login". You see the login screen and it says "no" or you do not see the login screen?
If it is the first one try Edge, Safari... I have had Chrome not work when I had 2 pfSense firewalls up, could log in to one, the other said no. Edge had no issue, ended up resetting Chrome.
-
@viragomann I saw that, but the choices were only for previous VPN config changes
-
@andyrh THAT's IT! I tried Brave browser and no problem. So now I'm confused... Chrome worked, but complained that HTTPS wasn't secure, now with HTTP it won't go past the login page, it just keeps presenting that page (see edit in original post).
So do I need to delete data in Chrome?
Thanks!!
-
@larrym04 I ended up clearing all browser data in Chrome.
-
@andyrh Well now I broke it even worse. Set it back to HTTPS and now the login page presents a pop-up saying that cookies must be enabled... I have cookies enabled. Can't log in from either Chrome or Brave. Same pop-up on both.
-
@andyrh Whew! I logged in via SSH and this time there was a recent change to go back to and both Chrome and Brave can log in. ... but what's up with the complaint that cookies are required? Neither browser is blocking any cookies.
-
@larrym04 I am not a browser fixer. I like the factory reset option when they go bad and I keep 3 on my PC so when 1 breaks I can move to the next one.
-
@andyrh I hear you. Chrome, Firefox, and Brave are on my box. Right now Firefox is down because it has an issue with the driver for my video card.
I got it back to HTTP. Chrome and Brave can log in and don't complain about not being secure, so all is good again.
Thank you
-
If you visited the GUI when it was HTTPS, then it likely saw the HSTS config and then (rightly) decided downgrading to HTTP was a security regression.
Different browsers handle HSTS differently, might be you need to clear the cookies for the firewall, or the cache.
Though honestly there is unlikely to be a legitimate reason not to use HTTPS these days. It's just asking for trouble to make it HTTP.
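
The HSTS behaviour described above, as an added example that is not part of the original thread: a simplified Python model of a browser's HSTS list following RFC 6797. The host name `fw.home.example` and the header value are constructed for illustration, and `parse_hsts`, `is_ip` and `HSTSStore` are hypothetical names. A `max-age=0` header stores an already-expired entry, which is how a server makes the browser forget the policy.

```python
import ipaddress
from urllib.parse import urlsplit

def parse_hsts(value):  # -> (max_age, include_subdomains), or None if unusable
    max_age, subdomains = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not arg.isdigit():
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            subdomains = True
    return None if max_age is None else (max_age, subdomains)

def is_ip(host):
    try:
        return bool(ipaddress.ip_address(host))
    except ValueError:
        return False

class HSTSStore:
    """Simplified model of a browser's Known HSTS Host list (RFC 6797)."""
    def __init__(self):
        self.hosts = {}  # host name -> (expiry time, include_subdomains)

    def observe(self, url, header, now):
        u, policy = urlsplit(url), parse_hsts(header)
        # The header only counts over HTTPS, and never for IP-literal hosts.
        if u.scheme != "https" or policy is None or is_ip(u.hostname):
            return
        self.hosts[u.hostname] = (now + policy[0], policy[1])

    def rewrite(self, url, now):
        u = urlsplit(url)
        labels = (u.hostname or "").split(".")
        for i in range(len(labels)):  # exact host first, then parent domains
            expiry, subs = self.hosts.get(".".join(labels[i:]), (0, False))
            if u.scheme == "http" and expiry > now and (i == 0 or subs):
                port = "" if u.port in (None, 80) else f":{u.port}"
                return u._replace(scheme="https", netloc=u.hostname + port).geturl()
        return url

# Constructed sample: hypothetical host name and header value.
demo = HSTSStore()
demo.observe("https://fw.home.example/", "max-age=31536000", now=0)
print(demo.rewrite("http://fw.home.example/index.php", now=60))
```

The policy is stored per host name in each browser profile, so a browser that never loaded the HTTPS page has no entry to enforce.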
-
@jimp I'm not sure I understand why I'd want the interface to be HTTPS, when it doesn't. The whole reason I changed to HTTP was because of the hassle that Chrome made complaining that it wasn't a secure connection.
This is in my house, I use the system just to force a VPN connection.
-
The warnings about HTTPS out of the box are only that the certificate is self-signed. You still get all the benefits of HTTPS just not the trust chain. Though even that can be solved in various ways.
You still need/want HTTPS on a local network. Especially if you access the firewall over wireless. The debate about all that is long over. Plenty of resources out there with the reasoning.
-
@larrym04 To avoid all of this, IMO the best (and most secure) option is to download the ACME package and get yourself a free Let's Encrypt cert so you can have that tasty green padlock. It's not too difficult, and you won't need to keep hitting that Advanced button.