The HTTP_REFERER ... does not match the predefined setting ??

[whit]

I'm at this point because I'm blocked from accessing via the public IP because adding two other IPs to the WAN interface cut that off from being connected to by HTTPS or ping. And my way in now is via a WireGuard tunnel, which in turn I'm trying to access through an xinetd port forwarder set up on the other end of that tunnel. The system on the other end is a remote Linux server without a GUI desktop.

From that system directly I can do w3m and get the login screen on the OPNsense box. But from my desktop remote to that, when I go to the xinetd port forwarding set up there, I get:

The HTTP_REFERER "https://172.17.10.1:444/" does not match the predefined settings. You can disable this check if needed under System: Settings: Administration.

What? I never predefined any setting for this. I've not enabled ssh access. How do I get control back here?

[whit]

It's not the port that it needs to match. Switching to 443 still gives me:

The HTTP_REFERER "https://172.17.10.1/" does not match the predefined settings. You can disable this check if needed under System: Settings: Administration.

[whit]

Finally got in from an RDP session to a desktop on the system on the other end of the WireGuard tunnel.

I'd suggest it's a bad idea to have the HTTP_REFERER protection on by default. The odds of blocking a bad actor with that are far lower than the odds that a good actor will need flexibility of access.