Edit config.xml
-
Hi,
I have pfsense 2.0.1 install on it's own server. I am having the same issue as many others.
Error: 501 Description: An HTTP_REFERER was detected other than what is defined in System -> Advanced (https://10.0.0.136/). You can disable this check if needed in System -> Advanced -> Admin.
I access the box by going to 10.0.0.136 so I am not coming from the outside.
When I access the webconfig page and I try to save the checkmark in the Disable HTTP_REFERER enforcement check box. I can't save it because the webpage returns the same error.
I can also access the physical box itself.
I have put the config.xml file into edit mode and to properly place the nohttpreferercheck in the webgui section. However I want to ask exactly how that is to be done.
Here is the section in the config.xml file
<webgui><protocol>https</protocol> <ssl-certref>50d1ed60453xx</ssl-certref></webgui>So my question is how is nohttpreferercheck placed in that section what are the open and close tags for it if any?
Sincerely,
Brendhan
-
access your pfsense via ssh and forward gui port on it.
then access https://127.0.0.1:pfsense_port and make your changes.
for example:
ssh -L 443:127.0.0.1:443 root@pfsense_ipor access it without names, just with ip address.
-
access your pfsense via ssh and forward gui port on it.
then access https://127.0.0.1:pfsense_port and make your changes.
for example:
ssh -L 443:127.0.0.1:443 root@pfsense_ipor access it without names, just with ip address.
SSH is not working properly. Can help me with the config file?
Sincerely,
Brendhan
-
use viconfig(carefully) to edit config.xml
<webgui><protocol>https</protocol>
<ssl-certref>XXXXXXXXXX</ssl-certref>
<port>XXXXX</port>
<max_procs>16</max_procs></webgui> -
use viconfig(carefully) to edit config.xml
<webgui><protocol>https</protocol>
<ssl-certref>XXXXXXXXXX</ssl-certref>
<port>XXXXX</port>
<max_procs>16</max_procs></webgui>Thank you. I am trying it now.
Sincerely,
Brendhan
-
Okay, that worked.
Let me give some details for those who come behind.
I had physical access to my pfsense box. Despite enabling ssh I could not access the box with ssh.
From the main page on the pfsense box. option 8 is the command shell. So I entered 8
It goes to a command line.I had to do a find / -name config.xml to find the file. Do not use the one in the defaults section.
I use ee not vi.
ee /cf/conf/config.xml <--- Your location may varyGo to the webgui section
<webgui><protocol>https</protocol> <ssl-certref>50d1ed60453xx</ssl-certref></webgui>and add the following
<webgui><protocol>https</protocol> <ssl-certref>50d1ed60453xx</ssl-certref> <max_procs>16</max_procs> <--add this <nodnsrebindcheck><--add this <nohttpreferercheck><--add this</nohttpreferercheck></nodnsrebindcheck></webgui>Once you exit and save the changes you have to remove the tmp cache. At the command line type this;
rm /tmp/config.cacheThen if you go into your webpae of pfsense you should now stop getting the
Error: 501 Description: An HTTP_REFERER was detected other than what is defined in System -> Advanced (https://10.0.0.136/). You can disable this check if needed in System -> Advanced -> Admin
when you try to go to the pages. I still see it in the dashboard under the version box but it does not affect anything as far as trying to make changes to the configuration.
Thanks to marcello for his help on this matter.
Sincerely,
Brendhan
-
FYI- on 2.0.2 or 2.1, from the shell, just run:
pfSsh.php playback disablereferercheckOr from the PHP Shell you can manually run:
global $config; $config = parse_config(true); $config['system']['webgui']['nohttpreferercheck'] = true; echo "Disabling HTTP referer check..."; write_config("PHP shell disabled HTTP referer check"); echo "done.\n";Less room for error that way than hand-editing the config.
