FreePBX GUI HTTP Issue - Continual Redirects to Index

freepbx
Tags: #<Tag:0x00007fb47cd662c0>

(Paul Barnes) #1

I came across an unusual problem this morning when trying to access my PBX GUI to check the CDRs.

The index page loaded just fine and gave me the usual “Admin”, “UCP”, “Operator Panel” and “Get Support” iconography. I clicked on FreePBX Administration and the login dialog popped up. All normal and good thus far.

I enter my administration credentials and hit continue and I’m presented with the “Welcome to FreePBX” loading banner for the Dashboard. Except, nothing else was happening.

I noticed some white text where the progress bar usually is - “Frobulating”.

Odd, says I.

After much searching, I couldn’t come up with anything definitive for an answer as to what exactly was happening. The apache access log looked, to my relatively inexpert eyes, normal. No new entries in error_log either.

For reference, the following is from access_log (IP and hostnames redacted):

xxx.xxx.xxx.xxx - - [19/Apr/2021:15:06:21 +0100] “GET /admin/ajax.php?command=authping HTTP/1.1” 401 29 “http://pbx.host.name/admin/config.php?display=index” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36 Edg/90.0.818.39”
xxx.xxx.xxx.xxxx - - [19/Apr/2021:15:06:22 +0100] “GET /admin/config.php?logout=true HTTP/1.1” 200 - “http://pbx.host.name/admin/config.php?display=index” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36 Edg/90.0.818.39”

Figuring that I’d start from the beginning I double (and triple) checked basic connectivity and DNS. All good. Using dnsmasq with 8.8.8.8 for everything except my local internal domain. Checked from the CLI that resolution was good and, yep. All good.

I looked in freepbx_dbug and nothing raised any flags.

Opened dev tools in Edge (Version 90.0.818.39 (Official build) (64-bit)) and saw a couple of errors related to jquery. Specifically:

script.legacy.js?load_version=15.0.17.31:1717 Uncaught TypeError: $.removeCookie is not a function
at Object.success (script.legacy.js?load_version=15.0.17.31:1717)
at i (jquery-3.1.1.min.js?load_version=15.0.17.31:2)
at Object.fireWith [as resolveWith] (jquery-3.1.1.min.js?load_version=15.0.17.31:2)
at A (jquery-3.1.1.min.js?load_version=15.0.17.31:4)
at XMLHttpRequest. (jquery-3.1.1.min.js?load_version=15.0.17.31:4)

Figuring there might be some shenanigan’s going on with the packaged JS, I used fwconsole setting USE_PACKAGED_JS 0 to see if that made any difference. Nope. Still had the same problem.

Now thoroughly stumped, I tried accessing the gui over HTTPS. Zero issues. Aside from the browser complaining about the name mismatch (we do have a cert for a particular fqdn that is externally accessible, but not for internal gui access and I can’t be bothered with split-dns) which I expected, the interface was completely normal.

Switching back to HTTP and had the same, very weird, issue. I can switch to various modules but it’ll redirect me back to index each time forcing me to re-login each time.

I tried Edge, Firefox (v87) from one PC and Chrome and IE from another. All had the same problem when accessing over HTTP.

Just for sanity sake, I flush all locally stored browser data from both PCs for ALL browsers. Didn’t make a difference.

System info:
Sangoma Linux release 7.8.2003 (Core)
FreePBX 15.0.17.31
Asterisk 16.16.2

The fact that the gui works normally under https suggests that, fundamentally, FreePBX is OK and that it is likely an apache error. Which is odd as I haven’t made any changes (nor would I need to) to the apache configuration.

I’m just looking for some general guidance on where to poke my nose to find out what is going on.


(Paul Barnes) #2

Coming back to this after doing some additional digging…I ran wireshark when trying to use HTTP to the FreePBX UI and I can see two HTTP requests return 401 Unauthorised:

The first seems to be related to the search bar (admin/ajax.php?module=search&command=global) which returns (according to the capture) a key error. The second is also an ajax.php related error, this time the command is gethooks for the module dashboard. This also returns a 401 unauthorised. Both of these requests result in being redirected to /admin/config.php?logout=true

As far as I can tell from the trace, all other js related requests progress normally, just those two mentioned above.

The confusing thing for me is that I can browse the UI without issue over https (which I presume follows a similar request/response flow as http) so why is only unencrypted http not working correctly?

I can provide the pcap if needed?


(system) closed #3

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.