pfSense Support Subscription

Author Topic: edit config.xml  (Read 30048 times)

0 Members and 1 Guest are viewing this topic.

Offline Understudy

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
edit config.xml
« on: December 19, 2012, 01:01:48 pm »
Hi,

I have pfsense 2.0.1 install on it's own server. I am having the same issue as many others.

Error: 501 Description: An HTTP_REFERER was detected other than what is defined in System -> Advanced (https://10.0.0.136/). You can disable this check if needed in System -> Advanced -> Admin.

I access the box by going to 10.0.0.136 so I am not coming from the outside.

When I access the webconfig page and I try to save the checkmark in the Disable HTTP_REFERER enforcement check box. I can't save it because the webpage returns the same error.

I can also access the physical box itself.

I have put the config.xml file into edit mode and to properly place the nohttpreferercheck in the webgui section. However I want to ask exactly how that is to be done.

Here is the section in the config.xml file
Code: [Select]
<webgui>
           <protocol>https</protocol>
           <ssl-certref>50d1ed60453xx</ssl-certref>
</webgui>


So my question is how is nohttpreferercheck placed in that section what are the open and close tags for it if any?


Sincerely,

Brendhan
 


Offline marcelloc

  • Hero Member
  • *****
  • Posts: 13398
  • Karma: +589/-7
    • View Profile
Re: edit config.xml
« Reply #1 on: December 19, 2012, 02:07:25 pm »
access your pfsense via ssh and forward gui port on it.

then access https://127.0.0.1:pfsense_port and make your changes.

for example:
ssh -L 443:127.0.0.1:443 root@pfsense_ip

or access it without names, just with ip address.

Offline Understudy

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Re: edit config.xml
« Reply #2 on: December 19, 2012, 02:46:15 pm »
access your pfsense via ssh and forward gui port on it.

then access https://127.0.0.1:pfsense_port and make your changes.

for example:
ssh -L 443:127.0.0.1:443 root@pfsense_ip

or access it without names, just with ip address.

SSH is not working properly. Can help me with the config file?

Sincerely,

Brendhan

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 13398
  • Karma: +589/-7
    • View Profile
Re: edit config.xml
« Reply #3 on: December 19, 2012, 02:53:50 pm »
use viconfig(carefully) to edit config.xml

               <webgui>
                        <protocol>https</protocol>
                        <ssl-certref>XXXXXXXXXX</ssl-certref>
                        <port>XXXXX</port>
                        <max_procs>16</max_procs>
                        <nodnsrebindcheck/>
                        <nohttpreferercheck/>
                </webgui>

Offline Understudy

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Re: edit config.xml
« Reply #4 on: December 19, 2012, 03:09:43 pm »
use viconfig(carefully) to edit config.xml

               <webgui>
                        <protocol>https</protocol>
                        <ssl-certref>XXXXXXXXXX</ssl-certref>
                        <port>XXXXX</port>
                        <max_procs>16</max_procs>
                        <nodnsrebindcheck/>
                        <nohttpreferercheck/>
                </webgui>


Thank you. I am trying it now.

Sincerely,

Brendhan

Offline Understudy

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Re: edit config.xml
« Reply #5 on: December 19, 2012, 03:51:12 pm »
Okay, that worked.

Let me give some details for those who come behind.

I had physical access to my pfsense box. Despite enabling ssh I could not access the box with ssh.

From the main page on the pfsense box. option 8 is the command shell. So I entered 8
It goes to a command line.

I had to do a find / -name config.xml to find the file. Do not use the one in the defaults section.

I use ee not vi.
Code: [Select]
ee /cf/conf/config.xml  <--- Your location may vary
Go to the webgui section
Code: [Select]
<webgui>
           <protocol>https</protocol>
           <ssl-certref>50d1ed60453xx</ssl-certref>   
</webgui>

and add the following

Code: [Select]
<webgui>
           <protocol>https</protocol>
           <ssl-certref>50d1ed60453xx</ssl-certref> 
           <max_procs>16</max_procs>    <--add this
           <nodnsrebindcheck/>               <--add this
           <nohttpreferercheck/>             <--add this
</webgui>

Once you exit and save the changes you have to remove the tmp cache. At the command line type this;

Code: [Select]
rm /tmp/config.cache

Then if you go into your webpae of pfsense you should now stop getting the

Error: 501 Description: An HTTP_REFERER was detected other than what is defined in System -> Advanced (https://10.0.0.136/). You can disable this check if needed in System -> Advanced -> Admin

when you try to go to the pages. I still see it in the dashboard under the version box but it does not affect anything as far as trying to make changes to the configuration.

Thanks to marcello for his help on this matter.

Sincerely,

Brendhan

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21396
  • Karma: +1432/-26
    • View Profile
Re: edit config.xml
« Reply #6 on: December 20, 2012, 07:16:11 am »
FYI- on 2.0.2 or 2.1, from the shell, just run:

Code: [Select]
pfSsh.php playback disablereferercheck
Or from the PHP Shell you can manually run:
Code: [Select]
global $config;

$config = parse_config(true);

$config['system']['webgui']['nohttpreferercheck'] = true;

echo "Disabling HTTP referer check...";

write_config("PHP shell disabled HTTP referer check");

echo "done.\n";

Less room for error that way than hand-editing the config.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!