Project

General

Profile

Bug #5442

Upgraded CARP IPs fail HTTP REFERER check

Added by Jeremy Porter over 3 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Web Interface
Target version:
Start date:
11/13/2015
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.3
Affected Architecture:

Description

Opening web browser to carp IP results in HTTP_REFERER error. This worked correctly in 2.2.5

An HTTP_REFERER was detected other than what is defined in System -> Advanced (http://192.168.13.1/). You can disable this check if needed in System -> Advanced -> Admin.

Associated revisions

Revision 2a5960b0 (diff)
Added by Luiz Souza over 3 years ago

Review of CARP uniqid changes.

It turns out that current CARP implementation is not much different from an IP alias.

This commit converts the IP alias to also use the CARP uniqid scheme, this simplify the code in all other places because now we have only two different cases to deal with:

- A friendly interface name (lan, wan, opt1, etc.);
- A Virtual IP - VIP alias (_vip{$uniqid}) - CARP or IP Alias.

The parent of a CARP is always a friendly interface. The parent of an IP alias can be a friendly interface or a CARP (this is the only case of recursion of a VIP).

This commit removes a few cases where CARP were still considered a interface (the old CARP implementation), fixes all the wrong cases of strpos() being used to detect a VIP address (wont work as it returns '0' which fails when tested as 'TRUE'), review the usage of CARP and IP alias as services bind addresses, fixes general issues of adding and editing VIP addresses.

The following subsystems were affected by this changes:

- IPSEC;
- OpenVPN;
- dnsmasq;
- NTP;
- gateways and gateway groups;
- IPv6 RA;
- GRE interfaces;
- CARP status;
- Referrer authentication.

Fixes (and/or revisit) the following tickets:

- Ticket #3257
- Ticket #3716
- Ticket #4450
- Ticket #4858
- Ticket #5441
- Ticket #5442
- Ticket #5500
- Ticket #5783
- Ticket #5844

History

#1 Updated by Jim Thompson over 3 years ago

  • Assignee set to Renato Botelho

#2 Updated by Chris Buechler over 3 years ago

  • Subject changed from Carp IP is not accepted by webgui to CARP IPs fail HTTP REFERER check
  • Status changed from New to Confirmed

#3 Updated by Chris Buechler over 3 years ago

  • Subject changed from CARP IPs fail HTTP REFERER check to Upgraded CARP IPs fail HTTP REFERER check

only applies to upgraded systems, because of issues introduced by #4858 related changes

#4 Updated by Renato Botelho over 3 years ago

  • Assignee changed from Renato Botelho to Luiz Souza

Luiz, can you check this when you are working on #4858? I believe both tickets are related

#5 Updated by Chris Buechler over 3 years ago

  • Status changed from Confirmed to Resolved
  • Assignee changed from Luiz Souza to Chris Buechler

fixed by my earlier commit on #4858, this works once config revision's upgraded to 14.0.

#6 Updated by Jim Thompson over 3 years ago

  • Status changed from Resolved to Assigned
  • Assignee changed from Chris Buechler to Luiz Souza

Luiz apparently has a better fix

#7 Updated by Luiz Souza over 3 years ago

  • Status changed from Assigned to Resolved
  • % Done changed from 0 to 100

This issue also affect IP Aliases, this is now fixed.

#8 Updated by Chris Buechler over 3 years ago

still works

Also available in: Atom PDF