HTTP_REFERER Message When Trying To Access Administration Web Site

  • One of our pfSense boxes will not allow us to login to it via the web interface anymore. I've searched for similiar issues
    in the forums here but it seems the people that encountered this had just restored their system.

    In our case the pfSense box seems to still be doing its job, we just can't get into the interface to see anything.
    I can type "Admin" and any password not just the correct password and it still throws the error. I thought it might
    be a browser issue so I attempted to access with Firefox, Chrome, and IE with no luck. It just throws up the error
    and we can't get any further. We have an identical pfSense box at another site that is not yet experiencing the issue.
    Version : 2.0-RC3(Amd64)

    It is just being used to segregate two networks. No bells and whistles being used here.

    Error :
    An HTTP_REFERER was detected other than what is defined in System > Advanced (http://10.x.x.253/). You can
    disable this check if needed in System –> Advanced --> Admin

    I have restarted the box 1 time so far.

    I would appreciate any help or ideas that the community has to offer.



  • username and password are both case sensitive. Did you mean admin rather than Admin?

    Have you followed the hint about HTTP_REFERER returned to the browser and read the referenced wikipedia article?

  • Try to access the box using an other interface and then connect to the webGUI.
    if you have a openvpn connection to this box then try it with a vpn connection.

    after this you can just disable this check or (better) configure it the right way ( I do not know how to do this ).

  • Well this is resolved. I appreciate the comments.
    This firewall was setup with two interfaces one to each side of the network.
    One of these interfaces would not connect to the webconfig at all, the other would
    get you there but throw the HTTP error.
    Come to find out the admin who put this box in documented the IP address of both interfaces
    but did not document the third IP that he used for the webconfig.
    I can get to it now.

    @Wallabybob - Good to know about the case senistivity.