Re: [Openvas-discuss] [WORKAROUND] unknown or invalid Host header

2018-04-10 Thread Christian Fischer
Hi,

On 10.04.2018 17:18, Aaron Couts wrote:
> In any case I couldn't find any config settings that
> addressed this.

have a look at the following mailing list post for the config option and
how to configure it:

http://lists.wald.intevation.org/pipermail/openvas-discuss/2018-April/011929.html

Regards,

-- 

Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

[Openvas-discuss] [WORKAROUND] unknown or invalid Host header

2018-04-10 Thread Aaron Couts
I ran into an issue with my OpenVAS 9 installation and couldn't find
anything about it online (at least in the limited googling that I did), so
I wanted to post the error message and a workaround in case anyone else
runs into it.

I installed OpenVAS 9 on an AWS EC2 instance running Ubuntu 16.04.3 LTS.
The installation went smoothly, but upon pointing my browser to
https://:4000
I got the following error message:

"The request contained an unknown or invalid Host header. If you are trying
to access GSA via its hostname or a proxy, make sure GSA is set up to allow
it."

I think it may have to do with the fact that the outward-facing IP address
used to access the server is not owned by the server itself, which is
normal on AWS.  In any case I couldn't find any config settings that
addressed this.

I saw that a lot of people use OpenVAS on a local machine, and I was able
to access the Greenbone Security Assistant with /usr/bin/links, so I
thought I'd try nginx to simulate a local user.  I changed the GSA
configuration (/etc/default/openvas-gsa) to disable HTTPS:
HTTP_ONLY=1

Next I installed nginx:
$ sudo apt-get install nginx

And configured nginx as follows:

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    location / {
        # Forward every request to GSA listening locally on port 4000
        proxy_pass http://localhost:4000;
    }
}

$ sudo /etc/init.d/nginx start

At that point I was able to access GSA by pointing my browser to http://
so I'm hitting nginx on port 80 rather than hitting GSA directly on port
4000.

Note that if you want to run OpenVAS on AWS, you should complete a pentest
permission request
(https://aws.amazon.com/premiumsupport/knowledge-center/penetration-testing/).
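
Added example (not part of the original posts, and not GSA's own code): a simplified model of a Host header allowlist check, showing why a request addressed to the EC2 public IP is rejected while the same request relayed by the nginx config above is accepted. With proxy_pass and no proxy_set_header, nginx sends the upstream "Host: $proxy_host", here localhost:4000. The function names, the extra_allowed parameter (standing in for the config option referenced in the reply) and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample values (not from the original post): names and addresses
# an EC2 instance knows as its own. The public IP is mapped outside the host.
LOCAL_NAMES = ["localhost", "127.0.0.1", "::1", "172.31.5.20", "ip-172-31-5-20"]
PUBLIC_IP = "203.0.113.10"  # documentation-range address, constructed


def split_host_header(value):
    """Return the lowercased host part of a Host header, without the port."""
    value = value.strip().lower()
    if value.startswith("["):  # bracketed IPv6 literal, e.g. [::1]:4000
        end = value.find("]")
        if end == -1:
            raise ValueError("unterminated IPv6 literal")
        return value[1:end]
    host, sep, port = value.rpartition(":")
    if sep and port.isdigit():
        return host
    return value


def host_allowed(header, local_names, extra_allowed=()):
    """Hypothetical model of the check: accept only names or addresses the
    server knows as its own, plus any the operator explicitly allowed."""
    try:
        host = split_host_header(header)
    except ValueError:
        return False
    if not host:
        return False
    allowed = {n.lower() for n in local_names} | {n.lower() for n in extra_allowed}
    if host in allowed:
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # an unknown hostname is rejected
    # Compare IP literals by value so "::1" matches "0:0:0:0:0:0:0:1".
    for name in allowed:
        try:
            if ipaddress.ip_address(name) == addr:
                return True
        except ValueError:
            continue  # allowlist entry is a hostname, not an IP
    return False
```

Calling host_allowed("203.0.113.10:4000", LOCAL_NAMES) models the browser hitting port 4000 directly, and host_allowed("localhost:4000", LOCAL_NAMES) models the request as nginx relays it.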