May 17, 20206 yr My syslog is overrun with wrong csrf_token errors generated from the unassigned devices plug in. This starts immediately after reboot with only one web browser page open so the faq does not seem to be relevant: https://forums.unraid.net/topic/46802-faq-for-unraid-v6/?do=findComment&comment=545988 It did not stop after uninstalling the plugin. It did not stop after reboot after uninstalling the plugin. There is no UnassignedDevices.php - at least in /boot/config/plugins/unassigned.devices May 17 08:11:06 NAS root: error: /plugins/unassigned.devices/UnassignedDevices.php: wrong csrf_token Edited May 17, 20206 yr by RadOD add
May 17, 20206 yr Community Expert https://forums.unraid.net/topic/46802-faq-for-unraid-v6/?do=findComment&comment=545988
May 17, 20206 yr Author 5 minutes ago, johnnie.black said: https://forums.unraid.net/topic/46802-faq-for-unraid-v6/?do=findComment&comment=545988 Yes, thank you. You might notice is you read the second sentence is that I have seen that. However, as of right now I am only using one browser on one computer after a fresh reboot. So do you mean I have to go find any and every instance of an open webpage on any computer I might have left open somewhere at any point in the past? And any phone or tablet that has ControlR? Because this could cover a seriously lot of hardware and a lot of square miles to find!
May 17, 20206 yr Community Expert 2 minutes ago, RadOD said: So do you mean I have to go find any and every instance of an open webpage on any computer I might have left open somewhere at any point in the past? And any phone or tablet that has ControlR? If it's running yes.
May 17, 20206 yr Author netstat -vatn was able to find the source of the problem. Seems like there should be a server side solution to prevent this. After a time a client anywhere with a bad CSRF token causes parts of Unraid to stop working - possibly from spamming the syslog. How does this work with multiple users? Do administrators email all their users asking them to close their forgotten browswer tabs?
May 17, 20206 yr Community Expert 8 hours ago, RadOD said: netstat -vatn was able to find the source of the problem. Seems like there should be a server side solution to prevent this. After a time a client anywhere with a bad CSRF token causes parts of Unraid to stop working - possibly from spamming the syslog. How does this work with multiple users? Do administrators email all their users asking them to close their forgotten browswer tabs? Only the root user (i.e. Administrators) can successfully log into the Unraid Web GUI in the first place.
November 1, 20205 yr I Tried what you said. I got this: Ignoring all the 0.0.0.0: tcp 0 0 192.168.1.226:80 192.168.1.25:22943 ESTABLISHED tcp 0 0 192.168.1.224:80 192.168.1.25:21784 ESTABLISHED tcp 0 0 192.168.1.226:80 192.168.1.25:22443 ESTABLISHED tcp 0 0 192.168.1.226:80 192.168.1.25:20441 TIME_WAIT tcp 0 0 192.168.1.226:80 192.168.1.25:22952 ESTABLISHED tcp 0 824 192.168.1.226:80 192.168.1.25:22442 ESTABLISHED tcp 0 0 192.168.1.226:80 192.168.1.25:22842 ESTABLISHED tcp 0 0 192.168.1.226:445 192.168.1.25:22246 ESTABLISHED tcp 0 0 192.168.1.226:80 192.168.1.25:22440 ESTABLISHED tcp 0 0 192.168.1.226:80 192.168.1.25:22942 ESTABLISHED tcp 0 0 192.168.1.226:80 192.168.1.25:22441 ESTABLISHED *.226 is the server. as well as *.224 and some others- it has 6 NICs in total, at least 4 in use, one for BMC, 1 10Gb Direct Connection (both included in that 4- so 2 on general LAN, 1 direct 10gb to my usual PC, and 1 BMC on the LAN - a server controller that goes to BIOS and not OS). *.25 is my desktop. so the question I have is- now what? What do I do with this information. Do I need to aggressively shut down all the other LAN connections? ***** I should add- removing the plugin made things drammatically worse. Way more errors. That error- which totally innundated the log and ensured I could do nothing else until this was fixed- was - Nov 1 16:06:14 Unraid nginx: 2020/11/01 16:06:14 [error] 9257#9257: *36088 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 192.168.1.25, server: , request: "POST /plugins/unassigned.devices/UnassignedDevices.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "unraid.local", referrer: "http://unraid.local/Main" For completeness, the error with it installed is: Nov 1 16:14:46 Unraid root: error: /plugins/unassigned.devices/UnassignedDevices.php: wrong csrf_token This is irritating. And while not unfamiliar with linux, I am no pro, so I am out of my depth here. Edited November 1, 20205 yr by AndyT86 additional information
November 1, 20205 yr Both of the errors are telling you that you have another browser tab (or device) actively sitting on the GUI for Unraid. csrf is an important security feature, and are assigned randomly at each reboot of the server.
November 4, 20205 yr Thanks, I did figure it out. I am not sure what worked. But restarting the Client PC seemed to bag them all. FWIW there were no visible tabs open than the one. But there must have been something lingering.
Archived
This topic is now archived and is closed to further replies.