Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    An HTTP_REFERER error

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    3 Posts 3 Posters 23.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      indeec
      last edited by

      First of all hello everybody.

      I maked a fresh pfsense install with the latest build and get an error when try to log in the web interface:

      An HTTP_REFERER was detected other than what is defined in System -> Advanced (http://192.168.2.1:8080/). You can disable this check if needed in System -> Advanced -> Admin.

      I know that this is old bug and there are some workaround. But no one of them help me. I installed pfsense on the VM. Just want to see if i can use it.
      So, my question is: can i switch off the http referer or all security checks from pfsense developer shell or through ssh? I think, if it possible, it can be usefull for many people.

      Thanks.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        If you access the firewall by its actual IP address that won't be an issue. You must be trying to access it via some other NAT or weird routing way.

        Normally in a VM environment you install from the ISO/OVA, setup a VM behind the firewall to reach the gui on its LAN IP, and go from there.

        If you must reach it via the external IP directly, you can add an "allow all" rule temporarily until you can add a real rule to let you in. There is no need to involve NAT on the firewall to reach the GUI.

        http://doc.pfsense.org/index.php/I_locked_myself_out_of_the_WebGUI,_help!#Remotely_Circumvent_Firewall_Lockout_by_Temporarily_Changing_the_Firewall_Rules

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • L
          Lee Sharp
          last edited by

          It also happens if you have a domain names defined in a hosts file, or even on the firewall itself.  Go to System -> Advanced and check "Disable HTTP_REFERER enforcement check" and depending on your environment you may want to check "Disable DNS Rebinding Checks" as well.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.