Yara Manager displays HTTP 401 unauthorized with custom multihome UI port

search cancel

Yara Manager displays HTTP 401 unauthorized with custom multihome UI port

book

Article ID: 291495

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

After clicking on the icon for the Yara Manager in the console, it displays an Unauthorized message and logs an HTTP 401 unauthorized error code in the nginx logs.

Environment

EDR Server: 7.5.0 and newer

Cause

When nginx is configured with a multihome configuration (sensor and console UI on different ports, such as 443 and 8443), it will not properly proxy the page /connector/yara since it using the default https port, rather than the multihome configured port.

Resolution

1. Make a backup of /etc/cb/nginx/conf.d/includes/headers.includes
2. Edit /etc/cb/nginx/conf.d/includes/headers.includes to append ":$server_port" to the end of the Host line to look like this:

proxy_set_header Host $host:$server_port;

3. Restart nginx with the command: /usr/share/cb/cbservice cb-nginx restart

Feedback

thumb_up Yes

thumb_down No