The pfSense Store

Author Topic: AutoConfigBackup on 2.3.1  (Read 182 times)

0 Members and 1 Guest are viewing this topic.

Offline ssc

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
AutoConfigBackup on 2.3.1
« on: May 09, 2016, 07:21:29 am »
Hello,

we had upgraded our pfsense to 2.3 and since this upgrade we can't pull backup-files (https://doc.pfsense.org/index.php/Remote_Config_Backup).
I get the cookie- and csrf-token-information. But then when I try to download the xml-File I get a 403: Forbidden Error:

/usr/bin/wget --keep-session-cookies --load-cookies /opt/pfsense-backup/cookies/cookies.txt --no-check-certificate --post-data 'Submit=download&donotbackuprrd=yes' http://<ip>/diag_backup.php -O /opt/pfsense-backup/data/config-`date +%Y%m%d`.xml
--2016-05-09 13:25:54--  http://<ip>/diag_backup.php
Verbindungsaufbau zu <ip>:80... verbunden.
HTTP-Anforderung gesendet, warte auf Antwort... 403 Forbidden
2016-05-09 13:25:54 FEHLER 403: Forbidden.

Before the update it worked.

Our pfsense:
Version    2.3-RELEASE (amd64)
built on Mon Apr 11 18:10:34 CDT 2016
FreeBSD 10.3-RELEASE
(Intel(R) Atom(TM) CPU C2358 @ 1.74GHz )

AutoConfigBackup: Version 1.45

What can I do to work it again? Thanks.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 18138
  • Karma: +744/-6
    • View Profile
Re: AutoConfigBackup on 2.3.1
« Reply #1 on: May 10, 2016, 02:22:26 pm »
Check your script against the code on the wiki again and make sure it matches exactly. It was updated a few weeks ago so compare the code closely. The code on the wiki works, I've tested it quite a bit.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline ssc

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: AutoConfigBackup on 2.3.1
« Reply #2 on: May 18, 2016, 03:33:12 am »
Thanks for the reply.

The script matches exactly the code on the wiki. I can't see any differences:

/usr/bin/wget -qO- --keep-session-cookies --save-cookies /opt/pfsense-backup/cookies/cookies.txt --no-check-certificate http://<ip>/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > /opt/pfsense-backup/CSRF/csrf.txt

Result: sid:f838ce72843ae08c4d9cb5a848e64beb0d4ae95a,1463559798;ip:236eda74838f1ea71c0b5d43efd038dab2ab3e62,1463559798

/usr/bin/wget -qO- --keep-session-cookies --load-cookies /opt/pfsense-backup/cookies/cookies.txt  --save-cookies /opt/pfsense-backup/cookies/cookies.txt --no-check-certificate --post-data "login=Login&usernamefld=admin&passwordfld=<password>&__csrf_magic=$(cat /opt/pfsense-backup/CSRF/csrf.txt)" http://<ip>/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > /opt/pfsense-backup/CSRF/csrf2.txt

Result: 4 Lines with: sid:f222de889f9384e93cf8fb4f0529d5f2fc60b29a,1463559815

/usr/bin/wget --keep-session-cookies --load-cookies /opt/pfsense-backup/cookies/cookies.txt --no-check-certificate --post-data 'Submit=download&donotbackuprrd=yes&__csrf_magic=$(head -n 1 /opt/pfsense-backup/CSRF/csrf2.txt)' http://<ip>/diag_backup.php -O /opt/pfsense-backup/data/<name>_pfsense/config_<ip>-`date +%Y%m%d`.xml

Result: --2016-05-18 10:24:14--  http://<ip>/diag_backup.php
Verbindungsaufbau zu <ip>:80... verbunden.
HTTP-Anforderung gesendet, warte auf Antwort... 403 Forbidden
2016-05-18 10:24:14 FEHLER 403: Forbidden.

On other pfsenses with Version 2.2.6 I can download the backup with this script. Only on pfsense with Version 2.3_1 I get this Error.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 18138
  • Karma: +744/-6
    • View Profile
Re: AutoConfigBackup on 2.3.1
« Reply #3 on: May 18, 2016, 09:54:10 am »
That does look OK, but the same exact code works here, so perhaps it's something specific to the config on that system.

Can the 'admin' account actually access the diag_backup.php URL if you attempt to load that same URL in a web browser?
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline ssc

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: AutoConfigBackup on 2.3.1
« Reply #4 on: May 18, 2016, 11:33:41 pm »
Yes, the admin account can access the URL in a browser.