Cross Site Action detected!

tipstir
DD-WRT User


Joined: 05 Nov 2007
Posts: 115
Location: USA

PostPosted: Wed Feb 04, 2009 6:09    Post subject: Cross Site Action detected!
400 Bad Request
Cross Site Action detected!


Pink background

How can I solve this with dd-wrt v24 sp2 on WHR-HP-G54?
If I don't use a web server and use file:// it works, but if I use http://IP address and call up the object link I get the above. That happens only when I try to access the DD-WRT Web Admin, not on other web guides or the Web Admin for the access point. Now I have to click Go to get into the admin.

_________________
Best Regards,
Tipstir

Routers/AP
EnGenius ESR-9850 1.00/1.12(DHCP)
EnGenius ESR-9850 1.00/1.09 (AP)
Belkin N+ F5D8235-4 v1000/1.01.28 (2x)
Dlink DIR-655 A3/1.32NAB03 Gig
Trendnet TEW-652BRP w/DIR-615 C1/3.11NA
Buffalo WHR-HP-G54 w/DD-WRT V24/SP2/7/09 (2X)
soulstace
DD-WRT Guru


Joined: 04 Aug 2007
Posts: 6427

PostPosted: Wed Feb 04, 2009 6:40    Post subject:
Are you using some software which blocks or alters the HTTP referer header? If so, disable it when trying to login to the router.
tipstir
DD-WRT User


Joined: 05 Nov 2007
Posts: 115
Location: USA

PostPosted: Wed Feb 04, 2009 16:18    Post subject:
I use a web server on Windows Server 2003 R2 Enterprise SP2. But I just did this:

file://///

If I do that from the browser, which bypasses the web server, then I have a drop-down menu to access all the Network Web pages embedded onto my intranet web site, and I don't get that problem.

If I use the web server (XSERVER)

http://host computer IP/alias/site name

The intranet site opens, I click on the drop-down menu for the router using DD-WRT, then bang, I get the http:\\ip address of the router and it's supposed to invoke the DD-WRT System Information screen:

400 Bad Request
Cross Site Action detected!

Nothing has been changed; it worked under the DIR-655 using their firmware but not under DD-WRT. I can still invoke it but I have to press Go to get around it. Strange.

Firefox 3.06.

For the heck of it I just tested this under IE7, which I don't use. Sure enough, it worked! But not under Firefox?

Anyone know why this Cross Site Action is only showing up on DD-WRT using Firefox? If I use the Trendnet firmware Web Admin on its TEW-654BRP it doesn't do this. Same for my print server Web Admin, which opens okay under Firefox.

soulstace
DD-WRT Guru


Joined: 04 Aug 2007
Posts: 6427

PostPosted: Thu Feb 05, 2009 1:09    Post subject:
BrainSlayer recently added some code to help prevent cross site request forgeries. The behavior you are experiencing is intentional.

Check the host and referer fields with a network sniffer. My guess is that Firefox and IE are using different headers. It might be a bug in the web browser.
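The Referer/Host comparison soulstace describes, as an added illustration (not DD-WRT's httpd code): a small Python model of such a check, run over constructed headers for the situations in this thread (typed address, link from the intranet index page, the router's own form posts). Treating a missing Referer as acceptable is an assumption chosen to match the reports that typing the address works while clicking the intranet link does not.

```python
from urllib.parse import urlsplit


def cross_site_action(headers):
    """Return True when a Referer/Host check should reject the request.

    Policy (an assumption modelled on the thread, not DD-WRT's httpd source):
      * no Referer header -> accepted (typed URL, bookmark, file:// page,
        or a browser that omits the header for that navigation)
      * Referer host equal to the Host header's host -> accepted
        (the router's own pages posting their forms back)
      * any other Referer host -> rejected as a cross-site action
    """
    host = headers.get("Host", "").split(":", 1)[0].strip().lower()
    referer = headers.get("Referer")
    if not referer:
        return False
    ref_host = (urlsplit(referer).hostname or "").lower()
    return ref_host != host


def handle(headers):
    """Map the check onto the status and body the thread reports."""
    if cross_site_action(headers):
        return 400, "Cross Site Action detected!"
    return 200, "System Information"


# Constructed requests mirroring the scenarios described in the thread.
SAMPLES = {
    "typed in address bar": {"Host": "router.dwolfman.lan"},
    "link on intranet index": {"Host": "router.dwolfman.lan",
                               "Referer": "http://server.dwolfman.lan/"},
    "router's own form post": {"Host": "router.dwolfman.lan",
                               "Referer": "http://router.dwolfman.lan/Wireless_Basic.asp"},
    "same host, explicit port": {"Host": "192.168.1.1:8080",
                                 "Referer": "http://192.168.1.1:8080/index.asp"},
    "link on an unrelated site": {"Host": "192.168.1.1",
                                  "Referer": "http://other-site.example/page.html"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        status, body = handle(hdrs)
        print(f"{name:28} -> {status} {body}")
```

Browsers send no Referer when navigating from a file:// page to an http URL, which matches the first post, and IE omitted it for script-started navigations, which would explain IE getting through where Firefox does not.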
tipstir
DD-WRT User


Joined: 05 Nov 2007
Posts: 115
Location: USA

PostPosted: Thu Feb 05, 2009 19:37    Post subject:
soulstace wrote:
BrainSlayer recently added some code to help prevent cross site request forgeries. The behavior you are experiencing is intentional.

Check the host and referer fields with a network sniffer. My guess is that Firefox and IE are using different headers. It might be a bug in the web browser.


Thanks! Sounds like that's the problem..

freonchill
DD-WRT Guru


Joined: 17 Jul 2006
Posts: 2055

PostPosted: Thu Feb 05, 2009 19:38    Post subject:
What version of Firefox are you using that you are having this problem with?
_________________
2x WRT54G v5, 2x WRT54G v2
1x WRT54G-TM
1x WRT54GL
1x WRT54G2 v1
2x BUFFALO WHR-G54S
2x BUFFALO WHR-G300N v2
1x BUFFLOW WHR-HP-G300N
1x La Fonera
FON Client Bridge tutorial
tipstir
DD-WRT User


Joined: 05 Nov 2007
Posts: 115
Location: USA

PostPosted: Wed Feb 18, 2009 7:12    Post subject:
freonchill wrote:
what version of firefox are you using that you are having this problem with?


I still get it. First with 3.05 and now with 3.06. But not with IE 6 or 7. But it's strange: on all Windows XP Pro SP3 I get it, but not with Windows Server 2003 R2 Enterprise Edition SP2. That uses FF 3.06 and loads okay.

DWolfman
DD-WRT Novice


Joined: 09 Aug 2008
Posts: 31

PostPosted: Sun May 02, 2010 23:53    Post subject:
soulstace wrote:
BrainSlayer recently added some code to help prevent cross site request forgeries. The behavior you are experiencing is intentional.

Check the host and referer fields with a network sniffer. My guess is that Firefox and IE are using different headers. It might be a bug in the web browser.


I get this now that I've loaded a more recent build (see end of post for model and DD-WRT version). Is there a way to turn it off?

I have Chrome, Firefox, and IE installed; it does this with all three browsers the way I used to access it with build 10020.

I have a Linux server with Apache serving up local web pages for my in-house LAN. It's at server.dwolfman.lan, and I have DNS and other items set up to point router.dwolfman.lan to the WRT54G. The main index page in Apache has a set of links, including one to the router.

On older firmwares, I could click that link and get the login prompt for the router. With this firmware, I get this same 400 error page. All I have to do is click in the address bar of whatever browser I'm using, and hit enter, then all is good.

It's really annoying, and I would like the old functionality back if at all possible.

Router info:
Router Model Linksys WRT54Gv8
Firmware Version DD-WRT v24-sp2 (10/10/09) micro - build 13064
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

PostPosted: Mon May 03, 2010 0:03    Post subject:
It won't be going away any time soon, and old builds that don't have it are vulnerable to some serious attacks.
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
DWolfman
DD-WRT Novice


Joined: 09 Aug 2008
Posts: 31

PostPosted: Tue May 04, 2010 4:40    Post subject:
phuzi0n wrote:
It won't be going away any time soon, and old builds that don't have it are vulnerable to some serious attacks.

So, any possibility that this can be disabled for those that want the old functionality, like me? Or maybe to have the option to disable it added to future builds? My router is not configured for external access to the config pages, so I'm not worried about anyone trying to hack it.
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

PostPosted: Tue May 04, 2010 6:22    Post subject:
Cross site scripting attacks happen from visiting sites with your own browser. If you browse the web and have an old build then you're vulnerable to the attack. It's very unlikely the devs will spend any time on this but if you want you can create a ticket for it.

http://svn.dd-wrt.com:8000/dd-wrt/timeline

DWolfman
DD-WRT Novice


Joined: 09 Aug 2008
Posts: 31

PostPosted: Tue May 04, 2010 15:10    Post subject:
phuzi0n wrote:
Cross site scripting attacks happen from visiting sites with your own browser. If you browse the web and have an old build then you're vulnerable to the attack. It's very unlikely the devs will spend any time on this but if you want you can create a ticket for it.

http://svn.dd-wrt.com:8000/dd-wrt/timeline


I'm tired of being "coddled" by others who think they know better than me on how I should be browsing the web, without giving me any say in how it should be done. I don't visit sites that do that, and even if I did accidentally hit one I've got all my browsing going through multiple layers of web proxies I've configured to filter and fix that kind of stuff for me. 10+ years of web browsing, with the last 6+ of those with this web proxy setup, and no issues, EVER.

I either need a way to turn this off, or a workaround. Period.

I saw mention of the referrer fields possibly being why this is happening. Is there a way I can fix that through the browser, web server on my server box, etc? I'd prefer a fix that doesn't involve manually configuring the web browser, since I have 4+ computers, each with multiple OSes installed and multiple browsers set up in each OS. That would be a fairly large job that I would like to avoid.

I'll think about the ticket, but considering your statement I would rather spend my time on something useful and not potentially wasteful, if at all possible. If that means putting in a workaround, then so be it.
DWolfman
DD-WRT Novice


Joined: 09 Aug 2008
Posts: 31

PostPosted: Tue May 04, 2010 15:28    Post subject:
Sorry if I came across a bit harsh, just think this "feature" should be handled differently.

I went ahead and submitted a ticket, but would still like to know if there is some way to work around it.
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

PostPosted: Tue May 04, 2010 19:56    Post subject:
If you can have your proxies strip out the referrer then that will fix it. Even though it's not a good way to fix the problem, it's the easiest way and IMO it's not really worth the developers' time to make it any better.

ps. cross site scripting attacks can happen on any site. The only way to fully avoid it is to disable scripting in your browser.

DWolfman
DD-WRT Novice


Joined: 09 Aug 2008
Posts: 31

PostPosted: Wed May 05, 2010 2:25    Post subject:
phuzi0n wrote:
If you can have your proxies strip out the referrer then that will fix it. Even though it's not a good way to fix the problem, it's the easiest way and IMO it's not really worth the developers' time to make it any better.

Well, the proxies only come into play when accessing sites outside my network. I have a proxy .pac file set up for automatic proxy configuration of the browser. In the .pac file I have it set to not use the proxy for LAN addresses. But it is set up to strip out the referrer field on sites unless I've listed a specific site to exclude.

Is it possible to set up the root page in Apache to not trigger the referrer? I usually go to that page first, then click the link I set up there to go to the router.

Quote:
ps. cross site scripting attacks can happen on any site. The only way to fully avoid it is to disable scripting in your browser.

I'd say my proxies are already configured to filter it out since I've never had any problems like that, and I've even tried going to a couple known-bad sites when I was testing the setup.