"403 Forbidden" when accessing admin page

BaconLeTomato · October 4, 2024, 9:37pm

Expected Behaviour:

Accessing <my_ip>/admin or http://pi.hole/ on the same computer pi-hole is installed as well as others on the same network should yield the admin page.

Actual Behaviour:

The webpage returns "403 Forbidden"

Debug Token:

https://tricorder.pi-hole.net/7StkfOgo/
The page is blank for me, is that right?

More Details:

I am using Fedora 40.

pihole -v

  Pi-hole version is v5.18.3 (Latest: v5.18.3)
  web version is v5.21 (Latest: v5.21)
  FTL version is v5.25.2 (Latest: v5.25.2)

I suspect this is a problem with lighttpd so I gathered relevant information to it. I have already tried reinstalling lighttpd using dnf remove lighttpd and dnf install lighttpd. Then I called pihole -r to repair the installation and finally systemctl start and systemctl enable.

systemctl status lighttpd.service

● lighttpd.service - Lightning Fast Webserver With Light System Requirements
     Loaded: loaded (/usr/lib/systemd/system/lighttpd.service; enabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: active (running) since Fri 2024-10-04 14:06:26 MST; 5s ago
    Process: 17074 ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf (code=exited, status=0/SUCCESS)
   Main PID: 17076 (lighttpd)
      Tasks: 6 (limit: 38175)
     Memory: 7.6M (peak: 8.6M)
        CPU: 47ms
     CGroup: /system.slice/lighttpd.service
             ├─17076 /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
             ├─17079 /usr/bin/php-cgi
             ├─17084 /usr/bin/php-cgi
             ├─17085 /usr/bin/php-cgi
             ├─17086 /usr/bin/php-cgi
             └─17087 /usr/bin/php-cgi

Oct 04 14:06:26 Tori systemd[1]: Starting lighttpd.service - Lightning Fast Webserver With Light System Requirements...
Oct 04 14:06:26 Tori lighttpd[17074]: 2024-10-04 14:06:26: (data_config.c.100) pcre2_jit_compile: no more memory, regex: ^/admin/\.
Oct 04 14:06:26 Tori lighttpd[17074]: 2024-10-04 14:06:26: (data_config.c.100) pcre2_jit_compile: no more memory, regex: /(teleporter|api_toke>
Oct 04 14:06:26 Tori lighttpd[17074]: 2024-10-04 14:06:26: (data_config.c.100) pcre2_jit_compile: no more memory, regex: /admin/settings\.php
Oct 04 14:06:26 Tori lighttpd[17074]: 2024-10-04 14:06:26: (keyvalue.c.83) pcre2_jit_compile: no more memory, regex:
Oct 04 14:06:26 Tori lighttpd[17074]: 2024-10-04 14:06:26: (keyvalue.c.83) pcre2_jit_compile: no more memory, regex:
Oct 04 14:06:26 Tori systemd[1]: Started lighttpd.service - Lightning Fast Webserver With Light System Requirements.
Oct 04 14:06:26 Tori lighttpd[17076]: 2024-10-04 14:06:26: (data_config.c.100) pcre2_jit_compile: no more memory, regex: ^/admin/\.
Oct 04 14:06:26 Tori lighttpd[17076]: 2024-10-04 14:06:26: (data_config.c.100) pcre2_jit_compile: no more memory, regex: /(teleporter|api_toke>

The "no more memory" bit concerns me, but I wasn't able find much information about this.

I thought there was possibly a permissions issue so I checked but everything looks fine here.

ls -lh /var/www

total 0
drwxrwxr-x. 1 lighttpd lighttpd  10 Oct  3 20:29 html
drwx------. 1 lighttpd lighttpd 128 Oct  3 20:29 lighttpd

ls -lh /var/www/html

total 0
drwxr-xr-x. 1 root root 1.1K Oct  3 20:29 admin

ls -lh /var/www/html/admin

total 544K
-rw-r--r--. 1 root root  16K Oct  3 20:29 api_db.php
-rw-r--r--. 1 root root  15K Oct  3 20:29 api_FTL.php
-rw-r--r--. 1 root root 6.2K Oct  3 20:29 api.php
-rw-r--r--. 1 root root 2.6K Oct  3 20:29 auditlog.php
-rw-r--r--. 1 root root 3.9K Oct  3 20:29 cname_records.php
-rw-r--r--. 1 root root  354 Oct  3 20:29 composer.json
-rw-r--r--. 1 root root 2.8K Oct  3 20:29 composer.lock
-rw-r--r--. 1 root root 2.3K Oct  3 20:29 CONTRIBUTING.md
-rw-r--r--. 1 root root 2.7K Oct  3 20:29 db_graph.php
-rw-r--r--. 1 root root 4.9K Oct  3 20:29 db_lists.php
-rw-r--r--. 1 root root 9.7K Oct  3 20:29 db_queries.php
-rw-r--r--. 1 root root 1.7K Oct  3 20:29 debug.php
-rw-r--r--. 1 root root 3.6K Oct  3 20:29 dns_records.php
-rw-r--r--. 1 root root 1.4K Oct  3 20:29 gravity.php
-rw-r--r--. 1 root root 3.7K Oct  3 20:29 groups-adlists.php
-rw-r--r--. 1 root root 4.5K Oct  3 20:29 groups-clients.php
-rw-r--r--. 1 root root 7.8K Oct  3 20:29 groups-domains.php
-rw-r--r--. 1 root root 3.3K Oct  3 20:29 groups.php
drwxr-xr-x. 1 root root  120 Oct  3 20:29 img
-rw-r--r--. 1 root root  10K Oct  3 20:29 index.php
-rw-r--r--. 1 root root  14K Oct  3 20:29 LICENSE
-rw-r--r--. 1 root root 5.3K Oct  3 20:29 login.php
-rw-r--r--. 1 root root  369 Oct  3 20:29 logout.php
-rw-r--r--. 1 root root 1.8K Oct  3 20:29 messages.php
-rw-r--r--. 1 root root 2.9K Oct  3 20:29 network.php
-rw-r--r--. 1 root root 2.9K Oct  3 20:29 package.json
-rw-r--r--. 1 root root 229K Oct  3 20:29 package-lock.json
-rw-r--r--. 1 root root  116 Oct  3 20:29 phpstan.neon.dist
-rw-r--r--. 1 root root 6.8K Oct  3 20:29 queries.php
-rw-r--r--. 1 root root 2.0K Oct  3 20:29 queryads.php
-rw-r--r--. 1 root root 9.1K Oct  3 20:29 README.md
drwxr-xr-x. 1 root root   26 Oct  3 20:29 scripts
-rw-r--r--. 1 root root 104K Oct  3 20:29 settings.php
drwxr-xr-x. 1 root root   46 Oct  3 20:29 style
-rw-r--r--. 1 root root  950 Oct  3 20:29 taillog-FTL.php
-rw-r--r--. 1 root root  949 Oct  3 20:29 taillog.php

BaconLeTomato · October 4, 2024, 9:49pm

Paste of pihole -d

EDIT:
Debug log removed by moderator for privacy reasons.

BaconLeTomato · October 4, 2024, 10:15pm

It seems when I replace the contents of my /etc/lighttpd/lighttpd.conf with the one here:

github.com/pi-hole/pi-hole

advanced/lighttpd.conf.fedora

9e490775f

# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# lighttpd config for Pi-hole
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.

###############################################################################
#     FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE.     #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
#                                                                             #
#              CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE:              #
#                         /etc/lighttpd/external.conf                         #
###############################################################################

server.modules = (
	"mod_access",
	"mod_auth",

This file has been truncated. show original

and then run systemctl start lighttpd.service, it fails with this as the status:

× lighttpd.service - Lightning Fast Webserver With Light System Requirements
     Loaded: loaded (/usr/lib/systemd/system/lighttpd.service; enabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: failed (Result: exit-code) since Fri 2024-10-04 15:11:34 MST; 26s ago
   Duration: 24min 5.657s
    Process: 30043 ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf (code=exited, status=255/EXCEPTION)
        CPU: 8ms

Oct 04 15:11:34 Tori systemd[1]: lighttpd.service: Scheduled restart job, restart counter is at 5.
Oct 04 15:11:34 Tori systemd[1]: lighttpd.service: Start request repeated too quickly.
Oct 04 15:11:34 Tori systemd[1]: lighttpd.service: Failed with result 'exit-code'.
Oct 04 15:11:34 Tori systemd[1]: Failed to start lighttpd.service - Lightning Fast Webserver With Light System Requirements.

rdwebdesign · October 4, 2024, 11:01pm

Why did you replace the file?

This file (lighttpd.conf.fedora) should not be used in new installs.

If this is a recent install, you should use the default /etc/lighttpd/lighttpd.conf file.

BaconLeTomato · October 4, 2024, 11:11pm

Thanks, I didn’t know that was the case.

I tried to replace it because I was troubleshooting and thought maybe it should have been the other one. Either way leaving it as the original didn’t work to begin with.

rdwebdesign · October 4, 2024, 11:18pm

I never saw this messge before, but it doesn't seem to be related to Pi-hole.
You could try to disable the pcre2_jit module adding

server.feature-flags += ("server.pcre_jit" => "disable")

to your lighttpd.conf, but I never tried that before.

Actually, your permissions are not exactly correct.

The dot in the permissions is used to indicate a file with an SELinux security context and your debug log shows SELinux status as:

*** [ DIAGNOSING ]: SELinux
[✗] Default SELinux: enforcing
[✗] Current SELinux: Enforcing

You probably need to adjust your SELinux configuration.

BaconLeTomato · October 5, 2024, 12:37am

You are correct. I found from this Reddit post that running the following fixes my problem:

restorecon -rv /var/www
restorecon -rv /opt/pihole

I repaired again using pihole -r just in case and opening the admin page now works!

Edit:

Future readers will also want to clone this repo from the Reddit post and run the shell script to configure SELinux(?) such that the admin page can obtain the stats from pihole.

BaconLeTomato · October 5, 2024, 12:43am

Now I am encountering this screen where it seems there is no connection to the API. I am currently looking into this.

Edit1:

The following did not help:

systemctl restart lighttpd.service
systemctl restart pihole-FTL

Edit2:

I cloned and executed the script in the repo from the Reddit post I mentioned and now the console is properly displaying statistics.

To be honest, I do not completely understand what the properties these commands are modifying are nor do I know how policy modules work. However I do remember that one of the lighttpd errors I ran into before said to run setsebool -P httpd_setrlimit on, which is one of the commands on the shell script.

system · October 26, 2024, 12:43am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.