Bug #8524
closed
HTTP_REFERER issue if changing the LAN IP in setup wizard
100%
Description
In the setup wizard if you change the LAN IP address, you get to the next page to set a password, but when continuing from that page you go straight to a block page saying:
"An HTTP_REFERER was detected other than what is defined in System -> Advanced (https://192.168.1.1/wizard.php?xml=setup_wizard.xml). If not needed, this check can be disabled in System -> Advanced -> Admin."
The user is then locked out of the system, they will not get a proper IP from DHCP, and the new password they set won't work. The only thing you can do is unplug power from the pfsense appliance, or connect to it via console to reboot it so that the changes are applied.
After reboot it seems to be fine.
Confirmed with 2.4.3-p1
Files
| Screen Shot 2018-05-17 at 09.50.09.png (438 KB) Screen Shot 2018-05-17 at 09.50.09.png | LAN IP step | ||
| Screen Shot 2018-05-17 at 09.50.18.png (371 KB) Screen Shot 2018-05-17 at 09.50.18.png | Error message after setting password |
Updated by Jim Pingle over 6 years ago
- Category set to Web Interface
- Assignee set to Jim Pingle
- Priority changed from High to Normal
- Target version set to 2.4.4
- Affected Architecture All added
- Affected Architecture deleted (
)
I can replicate this now, not sure why it didn't happen to me before. It happens in the wizard when run from the LAN side because once past the LAN IP address screen of the wizard, get_configured_ip_addresses() returns the new address but the new address is not yet on the interface.
I have a fix, will push shortly.
Updated by Jim Pingle over 6 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 21f630def08b5505f5504606958ead93dbb9358d.
Updated by T F over 6 years ago
Just to confirm, will this commit also fix the same issue when changing the LAN IP in the web configurator (not just when using the setup wizard)?
Updated by Jim Pingle over 6 years ago
This issue is only for the wizard, and the fix applies only to the wizard. I'm not aware of another way to trigger this reliably. If you have such a case, please post to the forum or pfSense subreddit with details so it can be discussed and confirmed.
Updated by T F over 6 years ago
OK, should I log it under hardware (since this is on a netgate appliance vs. a CE image running on my own hardware)?
I can reliably reproduce it by just changing the LAN IP in the Admin Web UI. I get the same error when trying to load pages on the UI and this via the console & shell:
- Welcome to pfSense 2.4.3-RELEASE-p1 (amd64) on pfSense ***
WAN (wan) -> lagg0.4090 -> v4: x.x.x.x/29
LAN (lan) -> lagg0.4091 -> v4: 10.x.x.1/24
OPT1 (opt1) -> ix0 ->
OPT2 (opt2) -> ix1 ->
lagg0.4091: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
ether 00:08:xx:xx:xx:xx
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::1:1%lagg0.4091 prefixlen 64 scopeid 0x15
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: active
vlan: 4091 vlanpcp: 0 parent interface: lagg0
groups: vlan
Updated by Jim Pingle over 6 years ago
That wouldn't be a problem specific to Netgate hardware. Post that on the forum and someone can take a deeper look and try to reproduce it. This specific issue with the wizard is resolved, so I don't want to get a separate issue confused here.
Updated by T F over 6 years ago
Gotcha, I wasn't sure since the appliance uses a special image. Posted: https://forum.netgate.com/topic/133117/xg-7100-appliance-http_referer-issue-when-changing-lan-ip-in-webgui