Netgate Discussion Forum

    2.3 Web UI lockout changing protocol to HTTPS

    Problems Installing or Upgrading pfSense Software
      dusan

      I upgraded to 2.3-RELEASE (i386) from a fresh install of 2.2.2-RELEASE (i386). After changing the Web UI protocol from HTTP (using a non-standard port, xx080 TCP) to HTTPS (using a non-standard port, xx443 TCP), remote control via the Web UI is lost.

      Further investigation shows that the Web UI protocol has been accidentally reverted to the default (HTTP/80 TCP). On the relevant interface, under Firewall/Rules, ports xx080 and xx443 TCP are open, but port 80 TCP is not.

      This used to be a known bug in some past versions of pfSense. I don't know if it is a known bug in 2.3.

        NOYB

        Are you perhaps experiencing HSTS enforcement?

        The pfSense WebGUI issues a one-year Strict-Transport-Security header.

        Strict Transport Security (HSTS)
        https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
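
The HSTS behaviour this reply refers to, as an added example that is not part of the original thread and is not pfSense code: a minimal Python model of how a browser applies RFC 6797 after it has seen a one-year Strict-Transport-Security header. The hostname fw.example.test, the ports and the header value max-age=31536000 are constructed for illustration; includeSubDomains is not modelled.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit

def parse_max_age(value):
    """Return max-age (seconds) from a Strict-Transport-Security value."""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            return int(arg.strip().strip('"'))
    raise ValueError("max-age directive is required")

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

class HstsStore:
    """Toy model of a browser's Known HSTS Host list (RFC 6797)."""
    def __init__(self):
        self.expiry = {}  # hostname -> time at which the policy expires

    def note_response(self, url, header, now):
        parts = urlsplit(url)
        # The header is honoured only over HTTPS and never for IP-literal hosts.
        if parts.scheme != "https" or is_ip(parts.hostname):
            return
        max_age = parse_max_age(header)
        if max_age == 0:
            self.expiry.pop(parts.hostname, None)  # max-age=0 clears the entry
        else:
            self.expiry[parts.hostname] = now + max_age

    def rewrite(self, url, now):
        """Apply the RFC 6797 section 8.3 upgrade to an http:// URL."""
        parts = urlsplit(url)
        if parts.scheme != "http" or self.expiry.get(parts.hostname, 0) <= now:
            return url
        # Port 80 (explicit or implied) becomes 443; any other port is kept.
        port = "" if parts.port in (None, 80) else f":{parts.port}"
        return urlunsplit(("https", parts.hostname + port, *parts[2:]))

if __name__ == "__main__":
    store = HstsStore()  # constructed sample: hostname and ports are made up
    store.note_response("https://fw.example.test:10443/", "max-age=31536000", now=0)
    print(store.rewrite("http://fw.example.test:10080/", now=60))
    print(store.rewrite("http://fw.example.test/", now=60))
```

The policy is keyed by hostname, not port, so one HTTPS visit affects every later http:// request to that name for the lifetime of max-age; a WebGUI reached by IP address is not subject to a cached policy.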

          dusan

          Sorry for the late reply. I'm not familiar with HSTS, so it took me some time to learn the concept. It's not clear to me how and why HSTS, which enforces HTTPS, could force pfSense to accidentally change the WebUI from HTTP/xx080 or HTTPS/xx443 TCP to HTTP/80 TCP.

          Note: that was the first time I ever changed the Web UI protocol and port from the WAN interface. When I change them from the LAN interface, nothing strange happens.

            mer

            @dusan:

            Sorry for the late reply. I'm not familiar with HSTS, so it took me some time to learn the concept. It's not clear to me how and why HSTS, which enforces HTTPS, could force pfSense to accidentally change the WebUI from HTTP/xx080 or HTTPS/xx443 TCP to HTTP/80 TCP.

            Note: that was the first time I ever changed the Web UI protocol and port from the WAN interface. When I change them from the LAN interface, nothing strange happens.

            You're accessing the WebUI from WAN, HTTP, change it to HTTPS and get locked out, is that correct? But if you do the same operation from LAN, it works as you expect?

              dusan

              @mer:

              You're accessing the WebUI from WAN, HTTP, change it to HTTPS and get locked out, is that correct?

              Yes. That's correct.

              @mer:

              But if you do the same operation from LAN, it works as you expect?

              Yes.
