Unable to store an entry using an url with ip

Installation Issues
1

Hello,

Using passbolt 3.5.0, when I try to set an entry with “https://192.168.1.254” in the URI field, it ends with “NetworkError when attempting to fetch resource.” and the URI is not updated. Using something else (like “https://lala” or “192.168.1.254” works fine.

2

Thanks for the report @farfade we’ll have a look.

3

Hello!

Thank you for your feedback @farfade.
I’m trying to solve the issue on my side, and for that I would need some more information about the problem you encountered.
I have many questions to narrow down my research to reproduce the problem:

  • Are you using a cloud version of Passbolt or a self-hosted one ?
  • What versions of the server and the browser extension are you using (I’m not sure if Passbolt 3.5.0 is the server version, the browser extension or both actually)
  • If you have a self-hosted version, does Passbolt instance is accessed from a URL that includes a subfolder name ? (subfolder where Passbolt is actually installed)
  • When you updated your entry was it from the web application of Passbolt, the browser extension, from the popup menu displayed on other website (what we also call in-form menu) or maybe the mobile application ?

Thanks in advance for your answers.

4

Hello !

  • Are you using a cloud version of Passbolt or a self-hosted one ?
    A self-hosted one
  • What versions of the server and the browser extension are you using (I’m not sure if Passbolt 3.5.0 is the server version, the browser extension or both actually)
    Both are 3.5.0
  • If you have a self-hosted version, does Passbolt instance is accessed from a URL that includes a subfolder name ? (subfolder where Passbolt is actually installed)
    The URL does not include a subfolder name
  • When you updated your entry was it from the web application of Passbolt, the browser extension, from the popup menu displayed on other website (what we also call in-form menu) or maybe the mobile application ?
    It was from the browser extension. I also tried from the Android app : fails with “something went wrong”

If you can’t reproduce, it may be related to my apache or modsecurity configuration… I’ll get a look at the logs when I can.

Cheers

5

Thank you for your answer.

So, I did a test with a fresh installation of Passbolt 3.5 (both versions). And unfortunately I cannot reproduce the problem you encountered.

So, I took a look at modsecurity and what it does exactly. It is actually possible that it is blocking requests depending on conditions. When a creation or an update of an entry, the URL is passed in the request body and modsecurity might see and IP address as suspicious.

Somebody from the community had some issues with Passbolt by installing a fresh modsecurity with default configuration on their server (if you wish to take a look, it’s there Passbolt Modsecurity).

From the forum post, there is a configuration example found on a 3rd party website that apparently makes modsecurity work with Passbolt:

1 Like
6

Thanks @Steph

Indeed, and in addition with what you’ve quoted, an input like “https://192.168.0.1” is considered as a possible remote file inclusion (id “931100”) by modsecurity and consequently blocked.

Issue solved from my side : I keep the standard modsecurity configuration that was dropped on my system by Debian - the price of cybersecurity of my whole system !
As a suggestion, it could worth it, now that passbolt is so mature and successful :sunglasses:, to provide a standard set of modsecurity rules for passbolt in the package (maybe after having carefully setup it with your pentesters).

Thanks and regards,

farfade

2 Likes