Bug #1027
closed
Config restore triggers HTTP_REFERER check on interface mismatch
Description
An HTTP_REFERER was detected other than what is defined in System -> Advanced (https://10.0.3.190/diag_backup.php). You can disable this check if needed in System -> Advanced -> Admin.
The page I see this on is https://10.0.3.190/interfaces_assign.php
This is what the UI navigates to when an interface mismatch is detected.
Updated by Erik Fonnesbeck about 14 years ago
This happens when the IP address has changed because of the restore.
Updated by Erik Fonnesbeck about 14 years ago
This also needs to be tested restoring a configuration that changes the host or domain, because that might trigger the DNS rebind check, too.
Updated by Erik Fonnesbeck about 14 years ago
- Status changed from New to Feedback
This workaround should prevent that from happening now.
Updated by Ermal Luçi almost 14 years ago
- Status changed from Feedback to Resolved
Updated by Braden McGrath over 13 years ago
This is happening to me on 2.0 RC3, nanobsd, with a clean install.
Steps to reproduce:
- Changed interface defs via serial after initial boot (was initially LAN / WAN, I swapped them)
- Defined static IP for LAN via serial
- Initial setup wizard worked, but when I saved the settings, webGUI breaks.
Rebooting the box seems to resolve the issue, but something weird is happening behind the scenes. I was also seeing an incorrect IP address on the LAN interface after enabling DHCP via the serial console. (The LAN interface was showing the initial address from the DHCP pool??) Again, reboot fixed that.
Updated by jikjik lim over 13 years ago
2.0-RC3 (i386)
built on Sun Jul 31 05:05:32 EDT 2011
Same as Braden: changed interface, swapped WAN and OPT1. Changed WAN from DHCP to static through the webGUI. After reboot, all the settings of the packages were set to default.
If the LAN IP address is entered in the URL: An HTTP_REFERER was detected other than what is defined in System -> Advanced (http://192.168.100.1/pkg_edit.php?xml=squidguard.xml&id=0). You can disable this check if needed in System -> Advanced -> Admin.
If the domain name is entered in the URL: Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding. Try accessing the router by IP address instead of by hostname.
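
A simplified model of the two checks discussed in this ticket, added here as an illustration (not pfSense code and not part of the original thread). It assumes the accepted hosts are derived from the saved configuration and that the rebind check is skipped when the GUI is reached by IP address; the config dictionaries, `gui_check` and `stale_after_restore` are hypothetical names with constructed values.

```python
import ipaddress
from urllib.parse import urlsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def allowed_hosts(config):
    """Names and addresses the GUI accepts, derived from the saved config."""
    name, domain = config["hostname"].lower(), config["domain"].lower()
    return LOOPBACK | set(config["interface_ips"]) | {name, f"{name}.{domain}"}

def host_of(value):
    """Host part of a Referer URL or of a Host header (host[:port])."""
    url = value if "://" in value else "//" + value
    return (urlsplit(url).hostname or "").lower()

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def gui_check(config, host_header, referer):
    """Return the first check that rejects the request, or None if it passes."""
    allowed = allowed_hosts(config)
    host = host_of(host_header)
    # Assumption: the rebind check only applies when the GUI is reached by name.
    if not is_ip(host) and host not in allowed:
        return "dns_rebind"
    if referer and host_of(referer) not in allowed:
        return "referer"
    return None

def stale_after_restore(running, restored):
    """Hosts a browser may still be using that the restored config rejects."""
    return sorted(allowed_hosts(running) - allowed_hosts(restored))

# Constructed sample configs: the box still answers on the old address and
# name until the restored settings are applied to the interfaces.
RUNNING = {"interface_ips": ["10.0.3.190"], "hostname": "fw", "domain": "example.test"}
RESTORED = {"interface_ips": ["192.168.1.1"], "hostname": "gw", "domain": "example.test"}

if __name__ == "__main__":
    print(gui_check(RESTORED, "10.0.3.190", "https://10.0.3.190/diag_backup.php"))
    print(stale_after_restore(RUNNING, RESTORED))
```

Running `stale_after_restore` against a backup before restoring it lists the addresses and names that will start failing these checks until the admin reconnects on the restored ones.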