Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS Rebind attack with HAProxy

    DHCP and DNS
    1
    1
    95
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      erichium
      last edited by erichium

      I've run out of ideas trying to get custom DNS entries to work locally. I want plex.home.arpa to navigate to my self-hosted server at 192.168.1.11:32400, but I get the DNS Rebind attack pfSense page. I don't want to worry about any of the certs/SSL stuff for now.

      What I've done.

      • used as reference
        • https://www.youtube.com/watch?v=fLV3kF3QIws
        • https://www.youtube.com/watch?v=bU85dgHSb2E
      • pfSense IP: 192.168.1.1
      • configured DNS Resolver
        • Host: plex
        • Parent domain of host: home.arpa
        • IP to return for host: 192.168.1.1
      • configured HAProxy
        • Backend
          • Name: Plex
          • Server list
            • Name: Plex
            • Forwardto: Address+Port
            • Address: 192.168.1.11
            • Port: 32400
            • Encrypt(SSL): no
            • SSL checks: no
        • Frontend
          • Name: Plex
          • External address
            • Listen address: LAN address (IPv4)
            • Port: 32400
            • SSL Offloading: unchecked
          • Access Control lists
            • Name: plex
            • Expression: Host matches:
            • CS: no
            • Not: no
            • Value: plex.home.arpa
          • Actions
            • Action: Use Backend
            • Condition acl names: plex
            • backend: Plex

      I've tried disabling DNS Rebinding Checks to (via System / Advanced / Admin Access checking Disable DNS Rebinding Checks), but that just navigates to 192.168.1.1 (pfSense admin page).

      What am I doing wrong?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.