Still can't get in to web UI using dynFQDN after disabling http_referrer check



  • 2.0-BETA4  (i386)
    built on Thu Nov 11 23:42:14 EST 2010
    FreeBSD 8.1-RELEASE-p1

    I can log in using the IP address, but using the hostname (on LAN) or FQDN (dyndns) on WAN causes the http_referrer error, even though I have disabled that function.



  • same here



  • I have the same problem.



  • http_referrer check is also not effected by the alternate hostnames list, even though the Admin page says it does.



  • i fixed it just changed the name of my PFSense and the domain, i setted the name like the host in no-ip.org and no-ip.org in the domain.



  • 2.0-BETA4 (i386)
    built on Sat Nov 13 09:16:47 EST 2010
    FreeBSD 8.1-RELEASE-p1

    I updated today from the Nov 7 release and experienced the HTTP_REFERER error attempting to reach any page but the dashboard.  The dashboard also has problem displaying update status.  Accessing via IP gave me full access.  Disabling HTTP_REFERER test on the admin page did not resolve this issue.  Adding my hostname and FQDN to the Alternative Hostnames list resolved the majority of this issue (I am able to access all pages again), even with the HTTP_REFERER test enabled although the update status in the dashboard still reports an error when not using a FQDN.  My LAN DNS server is first on my DNS list for resolving and my non-FQDN resolves on the command line.  I haven't looked very deeply into this beyond the above but I am available for further details/testing.



  • Just experienced similar problem with the following current snapshot:

    2.0-BETA4 (i386)
    built on Sun Nov 14 03:54:29 EST 2010

    1. Disabling HTTP_REFERER enforcement check does not solve the problem - it appears that this setting is not working at all.
    2. When accessing web UI by real IP addresses on any interface - everything works fine.
    3. When trying to access web UI on any interface by any of the virtual IP addresses, getting HTTP_REFERER check error.
    4. Tried to add DNS records to internal zone which pointed to real internal interface IP address and then added that record to "Alternate hostnames" in pfSense settings: HTTP_REFERER error still appeared.



  • I had the same problem…

    I am connecting to my box with https://hostname:8443. What I did is enter the FQDN as hostname.domain.local into the 'Alternate Hostnames' field under advanced and then it worked for me. No need to disable the http_referer check...



  • I have the same problem. Entering the FQDN didn't help, and neither does disabling the check.

    I'm currently on
    2.0-BETA4 (i386)
    built on Tue Nov 16 19:31:14 EST 2010

    Also, maybe this is relevant: my Webgui is not running on port 80 or 443, but on port 81 with https enabled.



  • For me, it works fine, until I connect my second wan (opt5), then I have to use the FQDN to access the router.



  • Now (2.0-BETA4 (i386) built on Thu Nov 18 23:22:28 EST 2010 ) its working! thx guys!  :)

    btw, is there a bugtracker of some sorts?





  • For build Sun Nov 21 02:37:38 EST 2010 I may confirm the following:

    • disabling HTTP_REFERER enforcement check allows connecting to pfSense via any IP/hostname
    • when HTTP_REFERER check is enabled, the error still apears when connecting via virtual IP (I'm using CARP type virtual IPs); when connecting to "real" interface's IP adress - error does not appear

    IMHO: there's some kind of mistake in HTTP referer check logic - it should consider virtual IPs, but it does not (at least CARP type)



  • It should as of yesterday.



  • Had an opportunity to test with the version below - "CARP VIP problem" is gone, thanks!

    2.0-BETA4 (i386)
    built on Sat Dec 4 01:44:52 EST 2010


Log in to reply