Druva Documentation

Troubleshooting 401 Unauthorized error during admin console access after upgrading to 5.8 or later

This article is applicable for:
Product edition: inSync On-Premise 5.8 and later

Problem description

After upgrading the inSync server to 5.8, the admin console is not accessible using 127.0.0.1/admin or https://localhost/admin and fails with the following error.

Error on page: "401 Unauthorized"
No Permission.


You may also notice the following error in the logs.


{snip}

[2016-05-27 02:18:21,515] [ERROR] Host Header validation failed for /slide_session with Host header 127.0.0.1

[2016-05-27 02:18:21,516] [ERROR] [27/May/2016:02:18:21] Traceback (most recent call last):
File "cherrypy/_cprequest.py", line 102, in run
File "cherrypy/_cprequest.py", line 62, in __call__
File "__main__inSyncCPortal__.py", line 217, in validate_hostheader
SyncError: Bad Request. (#1000000bf)

[2016-05-27 02:18:21,516] [ERROR] [27/May/2016:02:18:21] HTTP Traceback (most recent call last):
File "cherrypy/_cprequest.py", line 653, in respond
File "cherrypy/_cprequest.py", line 112, in run
SyncError: Bad Request. (#1000000bf)

[2016-05-27 02:18:21,519] [ERROR] {'csrf_token': u'XXKhEdsUqynFKQJKoUPiPSSxKFboak5Q'}
{snip}.

The HTTP Host header value is often trusted and used to generate links, import scripts, and even build password reset links. This trust can be exploited through web-cache poisoning and through the abuse of alternative channels such as password reset emails. An attacker can manipulate the Host header and cause the application to behave in unexpected ways. The log entries above show inSync's Host header validation rejecting a request whose Host header was 127.0.0.1.

Resolution

Starting with 5.8, inSync honors only the IP address or the fully qualified domain name (FQDN) of the inSync Master that is configured under Server IP/FQDN in the Network Settings. Any IP address or FQDN that is not listed under Server IP/FQDN does not work.

Note: The FQDN added in the Network Settings should be entered in lower case. The field is case sensitive.


To access inSync using the loopback address or localhost, add them to the Server IP/FQDN settings.
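The following sketch is an added example, not inSync code. It models the kind of strict Host header allowlist check described above, to show why 127.0.0.1, localhost, and a mixed-case FQDN entry are rejected until the settings are corrected. The function names, the sample addresses, and the exact-match comparison rule are assumptions.

```python
# Added illustration, not inSync code: a strict Host header allowlist check.
# Assumption: the header's host part is compared byte-for-byte (case-sensitive)
# with the entries configured under Server IP/FQDN.

def split_host(host_header):
    """Return the host part of a Host header value, or None if malformed."""
    value = host_header.strip()
    if value.startswith("["):                 # bracketed IPv6 literal: [::1]:443
        end = value.find("]")
        return value[1:end] if end > 1 else None
    if ":" in value:
        host, _, port = value.rpartition(":")
        return host if host and port.isdigit() else None
    return value or None

def is_allowed_host(host_header, configured):
    """True only if the request's host exactly matches a configured entry."""
    host = split_host(host_header)
    return host is not None and host in configured

def entries_needing_lowercase(configured):
    """Entries a browser can never match, since browsers send lower-case hostnames."""
    return [entry for entry in configured if entry != entry.lower()]

# Constructed sample settings (documentation-range IP and example domain).
BEFORE = ["192.0.2.10", "inSync.Example.com"]
AFTER = ["192.0.2.10", "insync.example.com", "127.0.0.1", "localhost"]
# Constructed Host header values as a browser would send them.
REQUESTS = ["192.0.2.10", "insync.example.com", "127.0.0.1", "localhost:443",
            "attacker.example"]

def evaluate(configured):
    """Map each sample Host header to the status the check would produce."""
    return {h: ("200 OK" if is_allowed_host(h, configured) else "401 Unauthorized")
            for h in REQUESTS}

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, "fix lower-case:", entries_needing_lowercase(cfg))
        for host, status in evaluate(cfg).items():
            print(f"  Host: {host:<20} -> {status}")
```

A host that is not in the configured list stays rejected after the change, which is the purpose of the validation.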

References

For more information, contact Druva technical support.