After Login "The request contained an unknown or invalid Host header"

I have installed an OpenVAS based on Kali, installed NGINX and adapted the config files. Created an admin user. After signing in on the login page, I get the error message: “The request contained an unknown or invalid host header. If you are trying to access GSA via its hostname or a proxy, make sure GSA is set up to allow it.”
Once it went to the dashboard and I was able to run a scan. I do not remember how I did it.

Can someone give me a hint where the error is?


Please take a look at

or just query “gsa invalid host header” in Google. Sorry, but I’ve explained this topic too often…

I have also found that this error comes up often. Unfortunately, I did not understand what IP address I have to give the command / --allow-header-host.
Can you tell me that?

Your browser sends a Host HTTP header when requesting a web page. This Host header value must match the --allow-header-host parameter value. So it needs to be the publicly accessible IP or DNS name.

1 Like

Okay, I have set up my local DNS server and added a nameserver entry. Then I set the name with gsad --allow-header-host tsa.moe.home. Then I restarted all services. Then tested again with the same failure.

What can I check next?

Please inspect in your browser (Network tab in the browser's developer tools) which host it is sending in the HTTP request. The Host header must match allow-header-host.

OK, I mean the host header name is tsa.moe.home

```
root@kali:~# gsad --allow-header-host tsa.moe.home
root@kali:~# Warning: MHD_USE_THREAD_PER_CONNECTION must be used only with MHD_USE_INTERNAL_POLLING_THREAD. Flag MHD_USE_INTERNAL_POLLING_THREAD was added. Consider setting MHD_USE_INTERNAL_POLLING_THREAD explicitly.
Warning: MHD_USE_THREAD_PER_CONNECTION must be used only with MHD_USE_INTERNAL_POLLING_THREAD. Flag MHD_USE_INTERNAL_POLLING_THREAD was added. Consider setting MHD_USE_INTERNAL_POLLING_THREAD explicitly.
Warning: MHD_USE_THREAD_PER_CONNECTION must be used only with MHD_USE_INTERNAL_POLLING_THREAD. Flag MHD_USE_INTERNAL_POLLING_THREAD was added. Consider setting MHD_USE_INTERNAL_POLLING_THREAD explicitly.
root@kali:~#
```

Where is my mistake?

Hi,

Probably the same mistake as in the thread below was made, where the parameter is not configured where it should be on Kali:

or more exactly:

2 Likes

Hello cfi,

that was exactly the mistake. I completed the entry as described below. And it works.

Thank you for your support
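The check discussed in this thread, as an added example (not code from the thread or from Greenbone): it derives the Host header a browser sends for a URL and compares it with the `--allow-header-host` values of the gsad process that is actually running, which is what differed on Kali. The command-line samples are constructed, and comparing the name without its port is an assumption about how gsad matches; hosts gsad accepts without the flag are not modelled.

```python
"""Check whether the running gsad would accept the Host header a browser sends."""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def host_header_for(url):
    """Return the Host header a browser sends for url (port only if non-default)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.port and parts.port != DEFAULT_PORTS.get(parts.scheme):
        return f"{host}:{parts.port}"
    return host


def allowed_hosts(cmdline):
    """Extract --allow-header-host values from NUL-separated /proc/<pid>/cmdline bytes."""
    args = [a.decode() for a in cmdline.split(b"\0") if a]
    found = []
    for i, arg in enumerate(args):
        if arg == "--allow-header-host" and i + 1 < len(args):
            found.append(args[i + 1])
        elif arg.startswith("--allow-header-host="):
            found.append(arg.split("=", 1)[1])
    return found


def diagnose(url, cmdline):
    """Compare the browser's host name with what the running gsad was started with."""
    sent = urlsplit(url).hostname or ""  # port-less, lower-cased name (assumed match rule)
    allowed = [h.lower() for h in allowed_hosts(cmdline)]
    if not allowed:
        return "missing: running gsad has no --allow-header-host"
    if sent not in allowed:
        return f"mismatch: browser sends {sent!r}, gsad allows {allowed}"
    return "ok"


# Constructed samples. On a live host, read the bytes from /proc/<pid of gsad>/cmdline.
SERVICE_GSAD = b"/usr/sbin/gsad\0--foreground\0--listen=0.0.0.0\0--port=9392\0"
FIXED_GSAD = SERVICE_GSAD + b"--allow-header-host\0tsa.moe.home\0"

if __name__ == "__main__":
    url = "https://tsa.moe.home:9392/login"
    print("Host header:", host_header_for(url))
    print("service as started:", diagnose(url, SERVICE_GSAD))
    print("after adding the flag:", diagnose(url, FIXED_GSAD))
    print("by IP address:", diagnose("https://192.0.2.10:9392/", FIXED_GSAD))
```

Starting a second `gsad` by hand with the flag, as in the terminal session above, does not change the arguments of the instance the service already runs, which is why the check reads the running process rather than a config file.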

Right, now come on, this thread is clearly not solved. It's not a timeout issue and it shouldn't be the inclusion of an external / internal IP address, as you've already provided 0.0.0.0 as both the sources. I am frankly not happy with this. I recall having the same or similar issues with Nessus but can't recall what the solution was. Obviously this is different and I am much appreciative of all your hard work here, but it is simply a basic requirement that you can access the web UI over the net!! We should not be changing the systemd files in order to do this. I have amended the config script pointed to here more /etc/openvas/openvassd.conf
However, all to no avail. I am informed that the headers provided by my browser are the reason for this message:

The request contained an unknown or invalid Host header. If you are trying to access GSA via its hostname or a proxy, make sure GSA is set up to allow it.

I find that also equally unlikely. I have here the amended systemd file:
/lib/systemd/system/greenbone-security-assistant.service Modified

```
[Unit]
Description=Greenbone Security Assistant
Documentation=man:gsad(8) http://www.openvas.org/
Wants=openvas-manager.service

[Service]
Type=simple
PIDFile=/var/run/gsad.pid
ExecStart=/usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=0.0.0.0 --mport=9390 --allow-header-host myip --timeout 1440
```

We shouldn't need --allow-header-host or --timeout for a start; it should suffice for the mlisten and listen options to be 0.0.0.0

So I'd appreciate some frank answers here. My company is waiting for its audit and I can't do it without access to the web UI.

I do of course appreciate this is a free service. Many thanks.

I am running Kali Linux as a VM on a Windows server. There must be a reason this isn't working. Unfortunately I am a small outfit and our software is not updated and runs exclusively on Windows XP, so you can see the reason why I need the audit done.

Thanks, Simon

This is clearly an uncoordinated 3rd-party issue. You should get back with this feedback to the package maintainer at Kali; we can't do anything about this. We do not provide or generate these packages, and this is the full responsibility of the integrator for his distribution.

On our appliances, which GVM is mainly developed for, we do not face this type of issue :wink:

1 Like

Hi @hbyte,

it is obvious that you should not be required to edit service files to change the settings. But as Lukas already mentioned we (Greenbone) aren’t responsible nor even involved in this mistake. Since GSA 8 we already provide some example systemd files that can be used as a starting point for the packagers https://github.com/greenbone/gsa/tree/gsa-8.0/gsad/config. Please create an issue report for the Kali package maintainers to get this fixed.

2 Likes

Open the config file /etc/default/openvas-gsa and add your host header to ‘ALLOW_HEADER_HOST=your host’

1 Like

For AWS / OpenVAS users I have created install / operate instructions here: https://tips.graphica.com.au/openvas-on-aws/

This issue will inevitably come up if you stop and then restart your free tier AWS VM, as the DNS name of these machines changes across stops and restarts.

1 Like

I SOLVED this by changing the IP ADDRESS to a host name. Example: sudo docker run -d -p 443:443 -e PUBLIC_HOSTNAME=openvas.myCompanyName@edu --name openvas mikesplain/openvas