Environment

• EDR Console: 6.2.4 and Higher
• EDR Server: 6.2.3 and Higher

Symptoms

• Using a custom WebUI port
• Red error message pops up when updating user password

  Unable to create user

• Red error message pops up with verified permissions for live-response or moving sensors to a new group

  Insufficient privileges to access this page

• /var/log/cb/coreservices/debug.log error message

  2018-12-26 9:21:02 [64433] <warning>  flask.app - Forbidden (Referer checking failed: https://servername:8443/ does not match https://servername/.):

Cause

Resolution

1. Open /etc/cb/nginx/conf.d/includes/headers.includes
2. Find the following line

   proxy_set_header       Host               $host;
3. Edit to:

   proxy_set_header       Host               $host:$server_port;
4. Save and restart just the nginx service

   CentOS 6: service cb-nginx restart
   CentOS 7: sudo systemctl restart cb-nginx

Additional Notes

• Copy and pasting can cause additional hidden characters
• The change forces Nginx to send the port in the header to match what the CSRF originally had seen

Related Content