AutoConfigBackup on 2.3.1
-
Hello,
we had upgraded our pfsense to 2.3 and since this upgrade we can't pull backup-files (https://doc.pfsense.org/index.php/Remote_Config_Backup).
I get the cookie- and csrf-token-information. But then when I try to download the xml-File I get a 403: Forbidden Error:/usr/bin/wget –keep-session-cookies --load-cookies /opt/pfsense-backup/cookies/cookies.txt --no-check-certificate --post-data 'Submit=download&donotbackuprrd=yes' http://<ip>/diag_backup.php -O /opt/pfsense-backup/data/config-
date +%Y%m%d
.xml
--2016-05-09 13:25:54-- http://<ip>/diag_backup.php
Verbindungsaufbau zu <ip>:80... verbunden.
HTTP-Anforderung gesendet, warte auf Antwort... 403 Forbidden
2016-05-09 13:25:54 FEHLER 403: Forbidden.Before the update it worked.
Our pfsense:
Version 2.3-RELEASE (amd64)
built on Mon Apr 11 18:10:34 CDT 2016
FreeBSD 10.3-RELEASE
(Intel(R) Atom(TM) CPU C2358 @ 1.74GHz )AutoConfigBackup: Version 1.45
What can I do to work it again? Thanks.</ip></ip></ip>
-
Check your script against the code on the wiki again and make sure it matches exactly. It was updated a few weeks ago so compare the code closely. The code on the wiki works, I've tested it quite a bit.
-
Thanks for the reply.
The script matches exactly the code on the wiki. I can't see any differences:
/usr/bin/wget -qO- –keep-session-cookies --save-cookies /opt/pfsense-backup/cookies/cookies.txt --no-check-certificate http://<ip>/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.value="(.)".*/\1/' > /opt/pfsense-backup/CSRF/csrf.txt
Result: sid:f838ce72843ae08c4d9cb5a848e64beb0d4ae95a,1463559798;ip:236eda74838f1ea71c0b5d43efd038dab2ab3e62,1463559798
/usr/bin/wget -qO- --keep-session-cookies --load-cookies /opt/pfsense-backup/cookies/cookies.txt --save-cookies /opt/pfsense-backup/cookies/cookies.txt --no-check-certificate --post-data "login=Login&usernamefld=admin&passwordfld=<password>&__csrf_magic=$(cat /opt/pfsense-backup/CSRF/csrf.txt)" http://<ip>/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.value="(.)".*/\1/' > /opt/pfsense-backup/CSRF/csrf2.txt
Result: 4 Lines with: sid:f222de889f9384e93cf8fb4f0529d5f2fc60b29a,1463559815
/usr/bin/wget --keep-session-cookies --load-cookies /opt/pfsense-backup/cookies/cookies.txt --no-check-certificate --post-data 'Submit=download&donotbackuprrd=yes&__csrf_magic=$(head -n 1 /opt/pfsense-backup/CSRF/csrf2.txt)' http://<ip>/diag_backup.php -O /opt/pfsense-backup/data/<name>pfsense/config<ip>-
date +%Y%m%d
.xmlResult: --2016-05-18 10:24:14-- http://<ip>/diag_backup.php
Verbindungsaufbau zu <ip>:80... verbunden.
HTTP-Anforderung gesendet, warte auf Antwort... 403 Forbidden
2016-05-18 10:24:14 FEHLER 403: Forbidden.On other pfsenses with Version 2.2.6 I can download the backup with this script. Only on pfsense with Version 2.3_1 I get this Error.</ip></ip></ip></name></ip></ip></password></ip>
-
That does look OK, but the same exact code works here, so perhaps it's something specific to the config on that system.
Can the 'admin' account actually access the diag_backup.php URL if you attempt to load that same URL in a web browser?
-
Yes, the admin account can access the URL in a browser.