[Openvas-discuss] [WORKAROUND] unknown or invalid Host header

Aaron Couts aaroncouts at gmail.com
Tue Apr 10 17:18:17 CEST 2018


I ran into an issue with my OpenVAS 9 installation and couldn't find
anything about it online (at least in the limited googling that I did), so
I wanted to post the error message and a workaround in case anyone else
runs into it.

I installed OpenVAS 9 on an AWS EC2 instance running Ubuntu 16.04.3 LTS.
The installation went smoothly, but upon pointing my browser to
https://<IP>:4000
I got the following error message:

"The request contained an unknown or invalid Host header. If you are trying
to access GSA via its hostname or a proxy, make sure GSA is set up to allow
it."

I think it may have to do with the fact that the outward-facing IP address
used to access the server is not owned by the server itself, which is
normal on AWS.  In any case I couldn't find any config settings that
addressed this.

I saw that a lot of people use OpenVAS on a local machine, and I was able
to access the Greenbone Security Assistant with /usr/bin/links, so I
thought I'd try nginx to simulate a local user.  I changed the GSA
configuration (/etc/default/openvas-gsa) to disable HTTPS:
HTTP_ONLY=1

Next I installed nginx:
$ sudo apt-get install nginx

And configured nginx as follows:

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        location / {
                proxy_pass http://localhost:4000;
        }
}

$ sudo /etc/init.d/nginx start

At that point I was able to access GSA by pointing my browser to http://<IP>
so I'm hitting nginx on port 80 rather than hitting GSA directly on port
4000.

Note that if you want to run OpenVAS on AWS, you should complete a pentest
permission request (https://aws.amazon.com/premiumsupport/knowledge-center/penetration-testing/).
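
An added example, not part of the original post: the same nginx reverse proxy with TLS terminated at nginx, so that setting HTTP_ONLY=1 in GSA does not leave GSA logins crossing the network in cleartext on port 80. The certificate paths are placeholders, and it assumes GSA's port 4000 is not reachable from outside the host.

```nginx
# Added example: placeholders and assumptions are marked in comments.

# Plain HTTP only redirects; no GSA content is served on port 80.
server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        return 301 https://$host$request_uri;
}

server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        server_name _;

        # Placeholder paths: point these at your own certificate and key.
        ssl_certificate     /etc/nginx/ssl/gsa-proxy.crt;
        ssl_certificate_key /etc/nginx/ssl/gsa-proxy.key;
        ssl_protocols       TLSv1.2;

        location / {
                # Same upstream as in the post. With no proxy_set_header Host,
                # nginx sends "Host: $proxy_host" (here localhost:4000) upstream
                # instead of the public IP the browser used.
                proxy_pass http://localhost:4000;
        }
}
```

Check the syntax with `sudo nginx -t` before restarting nginx.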