Unable to access Web Reports properly

Hi, I’m new here. Yesterday I finished setting up my new BigFix environment, and when I shared my Web Reports link with the rest of my team members, they weren’t able to access the link initially; if they do that, Invalid Referrer text shows on their screen (image attached), but they can access Web Reports if they copy the link and paste it in the URL bar.

How are you sending the link?
Is Web Reports on the same server as the main app?
Do you use CNAME for Web Reports?

I also see that when I share Web Reports links via MS Teams, and I’m pretty sure it may have coincided with new Teams because I don’t recall seeing the issue in the older Teams client. Sending via apps such as Outlook does not have an issue. Clicking the link in Teams results in the Invalid Referrer error but copy-n-paste works. I haven’t investigated this much as it’s not a critical issue for us and I’m not really sure if it’s a Web Reports issue or something else, maybe down to how Teams interacts with the referer policy, or maybe down to how the Web Reports server is referenced (IP vs real FQDN vs CNAME).

I am sending the link via GChat. And what is this CNAME? I’ve never heard of it. Is it the DNS name of the system present in the console?

Invalid Referrer is a common message that can be returned by secure web servers. Checking Referrer headers is a way to prevent browsers from incorrectly sending sensitive headers or cookies to a server.

You should be able to send links to the “front page” of the Web Reports server, i.e. https://servername:8083/webreports, but not to the ?page=DomainList page.

I believe this is to mitigate a Cross-Site Scripting vulnerability described at Security Bulletin: The BigFix platform is affected by a cross-site request forgery vulnerability (CVE-2016-0295) - Customer Support

2 Likes
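
The symptoms in this thread (a clicked link is rejected, the same link pasted into the URL bar works) are what a same-origin Referer check produces. The sketch below is an added example, not BigFix code and not something posted by the participants; the hostnames, the function names and the rule that a missing Referer is accepted are assumptions chosen to match the behaviour reported above.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) for a URL, or None if no usable origin."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    return (parts.scheme, parts.hostname.lower(), port)


def check_referer(request_url, referer, extra_trusted=()):
    """Hypothetical strict check: the Referer origin must match the server origin."""
    if not referer:
        # Typed or pasted URL: the browser sends no Referer header (assumed allowed).
        return "allow"
    ref = origin(referer)
    if ref is None:
        return "reject"
    trusted = {origin(request_url)} | {origin(u) for u in extra_trusted}
    trusted.discard(None)
    return "allow" if ref in trusted else "reject"


# Constructed sample requests; all hostnames are placeholders.
SERVER = "https://bigfix.example.com:8083/webreports"
SAMPLES = [
    ("pasted into URL bar", None),
    ("clicked in a web chat client", "https://chat.example.net/room/1"),
    ("navigation inside Web Reports", SERVER + "?page=Home"),
    ("same server opened by IP address", "https://10.0.0.5:8083/webreports"),
]

if __name__ == "__main__":
    for label, referer in SAMPLES:
        print(f"{label:35} -> {check_referer(SERVER, referer)}")
```

The last sample shows why the IP vs FQDN vs CNAME question matters: a Referer naming the same machine under a different hostname is a different origin unless the server is configured to trust that alias (the `extra_trusted` parameter here).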

Hi JasonWalker, I’ve tried what you said about removing “?page=DomainsList” but the invalid referrer policy error still persists. Thanks for your help.

Possibly something as @SLB said earlier, your chat application may be redirecting the link through a malware scanner (very common practice) and perhaps this referral is being flagged.