Re: [Openvas-discuss] [WORKAROUND] unknown or invalid Host header
Hi, On 10.04.2018 17:18, Aaron Couts wrote: > In any case I couldn't find any config settings that > addressed this. have a look at the following mailing list post for the config option and how to configure it: http://lists.wald.intevation.org/pipermail/openvas-discuss/2018-April/011929.html Regards, -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] [WORKAROUND] unknown or invalid Host header
I ran into an issue with my OpenVAS 9 installation and couldn't find anything about it online (at least in the limited googling that I did), so I wanted to post the error message and a workaround in case anyone else runs into it. I installed OpenVAS 9 on an AWS EC2 instance running Ubuntu 16.04.3 LTS. The installation went smoothly, but upon pointing my browser to https://:4000 I got the following error message: "The request contained an unknown or invalid Host header. If you are trying to access GSA via its hostname or a proxy, make sure GSA is set up to allow it." I think it may have to do with the fact that the outward-facing IP address used to access the server is not owned by the server itself, which is normal on AWS. In any case I couldn't find any config settings that addressed this. I saw that a lot of people use OpenVAS on a local machine, and I was able to access the Greenbone Security Assistant with /usr/bin/links, so I thought I'd try nginx to simulate a local user. I changed the GSA configuration (/etc/default/openvas-gsa) to disable HTTPS: HTTP_ONLY=1 Next I installed nginx: $ sudo apt-get install nginx And configured nginx as follows: server { listen 80 default_server; listen [::]:80 default_server; server_name _; location / { proxy_pass http://localhost:4000; } } $ sudo /etc/init.d/nginx start At that point I was able to access GSA by pointing my browser to http:// so I'm hitting nginx on port 80 rather than hitting GSA directly on port 4000. Note that if you want to run OpenVAS on AWS, you should complete a pentest permission request (https://aws.amazon.com/premiumsupport/knowledge- center/penetration-testing/). ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss