Project

General

Profile

Actions

Bug #1027

closed

Config restore triggers HTTP_REFERER check on interface mismatch

Added by Seth Mos about 11 years ago. Updated over 10 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Backup / Restore
Target version:
Start date:
11/19/2010
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0
Affected Architecture:

Description

An HTTP_REFERER was detected other than what is defined in System -> Advanced (https://10.0.3.190/diag_backup.php). You can disable this check if needed in System -> Advanced -> Admin.

The page I see this on is https://10.0.3.190/interfaces_assign.php

This is what the UI navigates to when a interface mismatch is detected.

Actions #1

Updated by Erik Fonnesbeck about 11 years ago

This happens when the IP address has changed because of the restore.

Actions #2

Updated by Erik Fonnesbeck about 11 years ago

This also needs to be tested restoring a configuration that changes the host or domain, because that might trigger the DNS rebind check, too.

Actions #3

Updated by Erik Fonnesbeck about 11 years ago

  • Status changed from New to Feedback

This workaround should prevent that from happening now.

Actions #4

Updated by Ermal Luçi almost 11 years ago

  • Status changed from Feedback to Resolved
Actions #5

Updated by Braden McGrath over 10 years ago

This is happening to me on 2.0 RC3, nanobsd, with a clean install.

Steps to reproduce:
changed interface defs via serial after initial boot (was initially LAN / WAN, I swapped them)
Defined static IP for LAN via serial
initial setup wizard worked, but when I saved the settings, webGUI breaks.

Rebooting the box seems to resolve the issue, but something weird is happening behind the scenes. I was also seeing an incorrect IP address on the LAN interface after enabling DHCP via the serial console. (The LAN interface was showing the initial address from the DHCP pool??) Again, reboot fixed that.

Actions #6

Updated by jikjik lim over 10 years ago

2.0-RC3 (i386)
built on Sun Jul 31 05:05:32 EDT 2011

Same as Braden, changed interface, swap WAN and OPT1. Change WAN from DHCP to Static, through webgui. After reboot, all the settings of the packages were set to default.

If the LAN IP address is entered in the URL: An HTTP_REFERER was detected other than what is defined in System -> Advanced (http://192.168.100.1/pkg_edit.php?xml=squidguard.xml&id=0). You can disable this check if needed in System -> Advanced -> Admin.

If the domain name is entered in the URL: Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding. Try accessing the router by IP address instead of by hostname.

Actions

Also available in: Atom PDF