Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    AutoConfigBackup on 2.3.1

    Scheduled Pinned Locked Moved pfSense Packages
    5 Posts 2 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      ssc
      last edited by

      Hello,

      we had upgraded our pfsense to 2.3 and since this upgrade we can't pull backup-files (https://doc.pfsense.org/index.php/Remote_Config_Backup).
      I get the cookie- and csrf-token-information. But then when I try to download the xml-File I get a 403: Forbidden Error:

      /usr/bin/wget –keep-session-cookies --load-cookies /opt/pfsense-backup/cookies/cookies.txt --no-check-certificate --post-data 'Submit=download&donotbackuprrd=yes' http://<ip>/diag_backup.php -O /opt/pfsense-backup/data/config-date +%Y%m%d.xml
      --2016-05-09 13:25:54--  http://<ip>/diag_backup.php
      Verbindungsaufbau zu <ip>:80... verbunden.
      HTTP-Anforderung gesendet, warte auf Antwort... 403 Forbidden
      2016-05-09 13:25:54 FEHLER 403: Forbidden.

      Before the update it worked.

      Our pfsense:
      Version 2.3-RELEASE (amd64)
      built on Mon Apr 11 18:10:34 CDT 2016
      FreeBSD 10.3-RELEASE
      (Intel(R) Atom(TM) CPU C2358 @ 1.74GHz )

      AutoConfigBackup: Version 1.45

      What can I do to work it again? Thanks.</ip></ip></ip>

      1 Reply Last reply Reply Quote 0
      • jimpJ Offline
        jimp Rebel Alliance Developer Netgate
        last edited by

        Check your script against the code on the wiki again and make sure it matches exactly. It was updated a few weeks ago so compare the code closely. The code on the wiki works, I've tested it quite a bit.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • S Offline
          ssc
          last edited by

          Thanks for the reply.

          The script matches exactly the code on the wiki. I can't see any differences:

          /usr/bin/wget -qO- –keep-session-cookies --save-cookies /opt/pfsense-backup/cookies/cookies.txt --no-check-certificate http://<ip>/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.value="(.)".*/\1/' > /opt/pfsense-backup/CSRF/csrf.txt

          Result: sid:f838ce72843ae08c4d9cb5a848e64beb0d4ae95a,1463559798;ip:236eda74838f1ea71c0b5d43efd038dab2ab3e62,1463559798

          /usr/bin/wget -qO- --keep-session-cookies --load-cookies /opt/pfsense-backup/cookies/cookies.txt  --save-cookies /opt/pfsense-backup/cookies/cookies.txt --no-check-certificate --post-data "login=Login&usernamefld=admin&passwordfld=<password>&__csrf_magic=$(cat /opt/pfsense-backup/CSRF/csrf.txt)" http://<ip>/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.value="(.)".*/\1/' > /opt/pfsense-backup/CSRF/csrf2.txt

          Result: 4 Lines with: sid:f222de889f9384e93cf8fb4f0529d5f2fc60b29a,1463559815

          /usr/bin/wget --keep-session-cookies --load-cookies /opt/pfsense-backup/cookies/cookies.txt --no-check-certificate --post-data 'Submit=download&donotbackuprrd=yes&__csrf_magic=$(head -n 1 /opt/pfsense-backup/CSRF/csrf2.txt)' http://<ip>/diag_backup.php -O /opt/pfsense-backup/data/<name>pfsense/config<ip>-date +%Y%m%d.xml

          Result: --2016-05-18 10:24:14--  http://<ip>/diag_backup.php
          Verbindungsaufbau zu <ip>:80... verbunden.
          HTTP-Anforderung gesendet, warte auf Antwort... 403 Forbidden
          2016-05-18 10:24:14 FEHLER 403: Forbidden.

          On other pfsenses with Version 2.2.6 I can download the backup with this script. Only on pfsense with Version 2.3_1 I get this Error.</ip></ip></ip></name></ip></ip></password></ip>

          1 Reply Last reply Reply Quote 0
          • jimpJ Offline
            jimp Rebel Alliance Developer Netgate
            last edited by

            That does look OK, but the same exact code works here, so perhaps it's something specific to the config on that system.

            Can the 'admin' account actually access the diag_backup.php URL if you attempt to load that same URL in a web browser?

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • S Offline
              ssc
              last edited by

              Yes, the admin account can access the URL in a browser.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.