EDR: Unable to Create User and Insufficient Privileges to Access this Page
Article ID: 288030
Products
Carbon Black EDR (formerly Cb Response)
Environment
- EDR Console: 6.2.4 and Higher
- EDR Server: 6.2.3 and Higher
Cause
Nginx is not forwarding the custom port in the Host header that the CSRF check relies on.
Resolution
- Open /etc/cb/nginx/conf.d/includes/headers.includes
- Find the following line:
    proxy_set_header Host $host;
- Edit it to:
    proxy_set_header Host $host:$server_port;
- Save the file and restart only the nginx service:
    CentOS 6: service cb-nginx restart
    CentOS 7: sudo systemctl restart cb-nginx
Additional Information
- Copying and pasting can introduce additional hidden characters into the file
- The change forces Nginx to send the port in the Host header so that it matches what the CSRF check originally saw
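One way to confirm the edit from the Resolution steps and to catch the hidden characters mentioned above before restarting cb-nginx. This is an added example, not vendor code; the function names are hypothetical and the sample line is constructed:

```shell
#!/bin/sh
# Added example (not vendor code): verify the Host header edit from the article.
CONF_DEFAULT=/etc/cb/nginx/conf.d/includes/headers.includes   # path from the article

# Print the numbers of lines holding any byte other than printable ASCII or tab
# (pasted non-breaking spaces, zero-width characters, carriage returns).
hidden_char_lines() {
    tab=$(printf '\t')
    LC_ALL=C grep -an "[^ -~${tab}]" "$1" | cut -d: -f1
}

# Print "fixed", "unfixed" or "missing" for the active (uncommented) Host directive.
host_header_status() {
    pre='^[[:space:]]*proxy_set_header[[:space:]]+Host[[:space:]]+'
    if LC_ALL=C grep -Eq "${pre}"'\$host:\$server_port;' "$1"; then
        echo fixed
    elif LC_ALL=C grep -Eq "${pre}"'\$host;' "$1"; then
        echo unfixed
    else
        echo missing
    fi
}

# Return 0 only when the directive carries the port and the file has no hidden bytes.
check_headers_include() {
    file=${1:-$CONF_DEFAULT}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    hdr_state=$(host_header_status "$file")
    bad=$(hidden_char_lines "$file" | tr '\n' ' ')
    echo "Host directive: $hdr_state"
    if [ -n "$bad" ]; then
        echo "hidden characters on line(s): $bad"
    fi
    [ "$hdr_state" = fixed ] && [ -z "$bad" ]
}

# Constructed sample: the corrected line pasted with a non-breaking space
# (bytes C2 A0) in place of the space before $host.
sample=$(mktemp)
printf 'proxy_set_header Host\302\240$host:$server_port;\n' > "$sample"
check_headers_include "$sample" || echo "re-type the line by hand, then re-check"
rm -f "$sample"
```

Calling `check_headers_include` with no argument checks the path given in the Resolution steps.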