Embed graph.php in external web page without login

obstler · Dec 10, 2011, 11:28 AM

I would like to include the traffic graph (coming from graph.php) in an external status web page, but this only works if the browser is already logged in into the pfsense webadmin beforehand. Otherwise trying to access graph.php simply redirects to the pfsense login page.

Is there any way to disable the login requirements for the graph.php or some other way to anonymously request the graph from pfsense?

marcelloc · Dec 11, 2011, 2:51 AM

/user/local/www/guiconfig.inc is the file(not 100% sure) that checks user login state.

Take a look there.

If you are going to edit this file, test your file on a pfsense not in production box.

joako · Dec 11, 2011, 4:50 AM

Another approach might be to enable SNMP in pfSense and use MRTG, RRD, etc on a remote host to generate independent graphs. In theory it is more secure and you don't need to worry about maintaining changes in the codebase. If in the future you decide to upgrade pfSense or swap it out for something else it would be much easier to keep it running.

obstler · Dec 11, 2011, 2:06 PM

While I do agree that the snmp solution is definitely the proper route to go, it is a bit overkill for this purpose.

All I want is the instantaneous traffic graph showing the current inbound/outbound throughput that updates every couple seconds – the svg graph is perfect for that: no additional processes, nothing needing to be stored, etc.

I looked at the various php pages that handle the login (thanks for the pointer on where to start), and that really is a bit of a hack. unfortunately I haven't found any other solution: just tried adding a new basic user and included username:pwd in the url for accessing graph.php, but since the webgui doesn't use webserver basic authentication this doesn't work either.

So I guess i'll just have to hack something into /etc/inc/authgui.inc and remember to re-apply after each upgrade... If anyone knows a better solution I'd still be happy to hear it ;)

obstler · Feb 11, 2012, 1:16 PM

I just managed the hack and thought I'll post it here in case someone else might want to include a graph in another page.

I made copies of the required files and didn't touch the originals.

_graph.php, _ifstats.php at the top:


require_once("auth.inc");
$_SESSION['Logged_In'] = "True";
$_SESSION['Username'] = "graphuser";
$_SESSION['last_access'] = time();
$HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username'];
require_once("_guiconfig.inc");

also in _graph.php add the _ for the modified page:

$fetch_link = "_ifstats.php?if=" . htmlspecialchars($ifnum);

and in _guiconfig.inc:

comment the line like this:

//require_once("authgui.inc");

you can then embed the graph like so:

http://pf.sense.ip/_graph.php?ifnum=wan&ifname=WAN&timeint=10

I know this is quite a mess of a hack, but this allows me to include the graph in another intranet status page.

I'm sure this could be simplified somehow, but I didn't have the time to go through all the includes and trace the workflow – this seems to work for now.

the same procedure also works for _rrd_img.php, if someone wants to include rrd graphs.

Efonnes · Feb 12, 2012, 7:36 AM

If you want to allow anonymous access to graph.php, I don't think it required much beyond commenting out or removing the line that includes guiconfig.inc. I think it either doesn't use anything from there or what it does use was minimal.

obstler · Feb 12, 2012, 10:33 AM

just removing the include was my first try – didn't work.

would be nice if there was some built-in support for allowing anonymous access to certain pages.