IPv6 link local fails HTTP REFERER check
On default configured pfSense, the LAN interface has the following IPv6 set by default: fe80::1:1
Trying to login over
https://[fe80::1:1]/ results in the error 'An HTTP_REFERER was detected other than what is defined in System'.
This is due the following taking place.
1) auth.inc line 208 - get_configured_ipv6_addresses() is called;
2) util.inc line 1436 - get_configured_ipv6_addresses() body - it walks each interface in search of the configured IPv6;
3) util.inc line 1442 - get_interface_ipv6($int) is called. in this case the value $int should be correct and equal to 'lan';
4) interfaces.inc line 5375 - get_interface_ipv6(...) body - it will return 'null' because the only IP that is set is the link local and 'lan' doesn't not include '_lloc' magic prefix;
5) auth.inc line 208 - get_configured_ipv6_addresses() will return an empty array
6) auth.inc line 209 - obviously the foreach won't be executed at all
While on diag_command.php page if I run:
Fixing this bug will be somewhat tricky.
My personal trick is changing things to:
function get_configured_ipv6_addresses($linklocal_fallback = false)
function get_interface_ipv6($interface = "wan", $flush = false, $linklocal_fallback = false)
And change some code to cope with the modifications.
I'll submit a PR shortly and decision to merge (or improve) will be left at discretion.
Jorge M. Oliveira
#1 Updated by Jorge M. Oliveira about 5 years ago
Just a little correction to original post.
5) auth.inc line 208 - get_configured_ipv6_addresses() will return an array with NULL elements;
6) auth.inc line 209 - foreach will be executed but have no effect (each element NULL will implicitly cast to empty string).
Jorge M. Oliveira
#2 Updated by Chris Buechler about 5 years ago
- Subject changed from Unable to login on WebGUI over IPv6 linklocal due to 'An HTTP_REFERER was detected other than what is defined in System' to IPv6 link local fails HTTP REFERER check
- Status changed from New to Confirmed
- Priority changed from Normal to Low
- Affected Version changed from 2.3 to All