Error 409: Web UI and Apache

Discussion of the Web Interface for Transmission, formerly known as Clutch. This applies to all version of Transmission
astjohn
Posts: 9
Joined: Mon Apr 20, 2009 1:46 am

Error 409: Web UI and Apache

Post by astjohn »

I'm currently trying to hook the web UI into apache. I have followed the apache settings as outlined here:
http://trac.transmissionbt.com/wiki/WebInterface

After supplying the correct username and password to apache, I am presented with Error 409:

Code: Select all

409: Conflict

Please add this header to your HTTP requests:

X-Transmission-Session-Id: neEyk19o9RDDRZtMc9myro5Zs5OYz0tylWCRsvvGCcyU9m43

RPC Application Developers:

As of Transmission 1.53 and 1.61, RPC clients need to look for this 409 response containing the phrase "invalid session-id". It occurs when the request's X-Transmission-Session-Id header was missing (such as during bootstrapping) or expired. Either way, you can parse this response's headers for the new session-id.

This requirement has been added to make CSRF attacks more difficult.
I'm using Apache 2.2.11 on Ubuntu and testing with firefox 3.0.12

Any ideas?
astjohn
Posts: 9
Joined: Mon Apr 20, 2009 1:46 am

Re: Error 409: Web UI and Apache

Post by astjohn »

anyone?
adgenet
Posts: 5
Joined: Sat Sep 16, 2006 8:06 pm

Re: Error 409: Web UI and Apache

Post by adgenet »

I'm getting this on a plain install of leopard with the built in apache2 as well. Accessing with Safari 4.0.3 No clue on how to fix it
Jordan
Transmission Developer
Posts: 2311
Joined: Sat May 26, 2007 3:39 pm
Location: Titania's Room

Re: Error 409: Web UI and Apache

Post by Jordan »

If you're positive you want to disable this 409 error, you can compile it out of Transmission by removing the line
#define REQUIRE_SESSION_ID
in libtransmission/rpc-server.c, and then rebuilding/reinstalling Transmission.
astjohn
Posts: 9
Joined: Mon Apr 20, 2009 1:46 am

Re: Error 409: Web UI and Apache

Post by astjohn »

ok, but what is the cause of this error?

why is the session ID OK when I connect via port 9091 compared to when I use the apache settings as specified in the wiki?
Jordan
Transmission Developer
Posts: 2311
Joined: Sat May 26, 2007 3:39 pm
Location: Titania's Room

Re: Error 409: Web UI and Apache

Post by Jordan »

I don't know. Is apache stripping out the header?
holeyshitballsbatman
Posts: 10
Joined: Wed Aug 13, 2008 5:27 pm

Re: Error 409: Web UI and Apache

Post by holeyshitballsbatman »

I've got the same problem here. Transmission 1.75 installed on a G4 Mac Mini with 10.5.8. Connecting through port 9091. Almost everywhere(through other connections and through my iphone via 3G) it seems to work fine, but when connecting through my work's network I get this error message after I enter the username/password:

Code: Select all

409: Conflict
Your request had an invalid session-id header.To fix this, follow these steps: When reading a response, get its X-Transmission-Session-Id header and remember it Add the updated header to your outgoing requests When you get this 409 error message, resend your request with the updated header
This requirement has been added to help prevent CSRF attacks.X-Transmission-Session-Id: WpgFNPxOKwh2UOL8cLzF4W9WOSX0ZshZSvxnyx5LCpDamjWK
Is there an easy way to add that header that it's looking for through the browser?

Thanks
torsti76
Posts: 1
Joined: Mon Nov 02, 2009 5:17 pm

Re: Error 409: Web UI and Apache

Post by torsti76 »

Hi,

I ran into this one, too. After several hours of trial and error it turned out that (as opposed by Apache's documentation) setting

ProxyRequests On
ProxyPreserveHost Off

in the global scope of your Server/Virtual Server definition does the trick. In particular, the first line prevents headers unknown to Apache from being stripped of the request.

Good luck
Torsten
astjohn
Posts: 9
Joined: Mon Apr 20, 2009 1:46 am

Re: Error 409: Web UI and Apache

Post by astjohn »

Torsten,

I put those lines at the top of my sites-enabled file. I also tried inside the <VirtualHost *:80> tag

Neither seemed to work for me. Can you elaborate a bit more on where exactly you placed the text?

Thanks.
AngryInca
Posts: 1
Joined: Tue Dec 29, 2009 2:50 pm

Re: Error 409: Web UI and Apache

Post by AngryInca »

You are getting this because the rewrite engine isn't turned on.

Add:

RewriteEngine on

Before the configuration in the wiki. So your configuration looks like this:

RewriteEngine on

# Redirect requests to /transmission to /transmission/web
RewriteRule /transmission[/]?$ /transmission/web [R=permanent]

# Forward all requests for /transmission to transmission-daemon
ProxyPass /transmission http://127.0.0.1:9091/transmission
ProxyPassReverse /transmission http://127.0.0.1:9091/transmission

You might be able to put the "RewriteEngine on" somewhere else, such as /etc/apache/conf.d/rewrite or httpd.conf, but I only got it working in the Virtual Host definition.

EDIT - I just read this in the mod_rewrite documentation - "By default, mod_rewrite configuration settings from the main server context are not inherited by virtual hosts...", so putting it Virtual Host definition is indeed the correct way to go, and might be worth putting a comment about it in the wiki.

Hope that helps.
astjohn
Posts: 9
Joined: Mon Apr 20, 2009 1:46 am

Re: Error 409: Web UI and Apache

Post by astjohn »

Thanks AngryInca! I had the RewriteEngine in the wrong place.

I can confirm that "RewriteEngine on" needs to be placed within the Virtual Host definition (i.e. <VirtualHost *:80>).

For future users, here is an example of my apache configuration file:

Code: Select all

NameVirtualHost *:80
<VirtualHost *:80>
RewriteEngine On

        ServerAdmin webmaster@localhost
        ServerName localhost
        DocumentRoot /home/username/public_html/index/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
                AuthType Digest
                AuthName "authname"
                AuthDigestDomain /home/username/public_html/index/
                AuthDigestProvider file
                AuthUserFile /path_to_passwords/passwords
                Require valid-user
        </Directory>
        
###### INSERT REST OF DIRECTORY LOCATIONS, CONFIGURATIONS, ETC....  #####


### BELOW FOR TRANSMISSION WEB INTERFACE ###

  # Redirect requests to /transmission to /transmission/web
  RewriteRule /transmission[/]?$ /transmission/web [R=permanent]

  # Forward all requests for /transmission to transmission-daemon
  ProxyPass /transmission http://127.0.0.1:9091/transmission
  ProxyPassReverse /transmission http://127.0.0.1:9091/transmission

  <Location /transmission>

     # Digest Auth enable
     # See http://httpd.apache.org/docs/2.2/howto/auth.html#gettingitworking
     Order Allow,Deny
     Allow from All
     AuthType Digest
     AuthName "authname"
     AuthDigestProvider file
     AuthUserFile /whatever/auth_file
     Require user username

     # Make pictures, scripts and styling client-cacheable
     <IfModule expires_module>
        ExpiresActive On
        ExpiresByType image/gif A43200
        ExpiresByType image/png A43200
        ExpiresByType application/javascript A43200
        ExpiresByType text/css A43200
     </IfModule>
  </Location>
### END - TRANSMISSION WEB INTERFACE ###
</VirtualHost>


Note:
ProxyRequests On
ProxyPreserveHost Off

made no difference for me.
aqis
Posts: 1
Joined: Fri Jul 23, 2010 10:18 am

Re: Error 409: Web UI and Apache

Post by aqis »

409: Conflict

Your request had an invalid session-id header.

To fix this, follow these steps:

1. When reading a response, get its X-Transmission-Session-Id header and remember it
2. Add the updated header to your outgoing requests
3. When you get this 409 error message, resend your request with the updated header

This requirement has been added to help prevent CSRF attacks.

X-Transmission-Session-Id: H8tubUw7aoZirX5NJkXghm1gB5d9lQNXkVetjMJg16rJwOdP

__________________________________________

I "upgraded" to Transmission 2.03 by mistake. I was using 2.01 very successfully on Ubuntu 9.10.
Was able to use webclient successfully with 2.01.
Now I get this message above every time.

Because I am new to the Linux worl, I don't know what to do.
I would like to revert to 2.01 but don't know how.

I am not that techno savy;
Thanks
trancemission
Posts: 1
Joined: Fri Jul 23, 2010 10:47 am

Re: Error 409: Web UI and Apache

Post by trancemission »

aqis wrote:409: Conflict

Your request had an invalid session-id header.

To fix this, follow these steps:

1. When reading a response, get its X-Transmission-Session-Id header and remember it
2. Add the updated header to your outgoing requests
3. When you get this 409 error message, resend your request with the updated header

This requirement has been added to help prevent CSRF attacks.

X-Transmission-Session-Id: H8tubUw7aoZirX5NJkXghm1gB5d9lQNXkVetjMJg16rJwOdP

__________________________________________

I "upgraded" to Transmission 2.03 by mistake. I was using 2.01 very successfully on Ubuntu 9.10.
Was able to use webclient successfully with 2.01.
Now I get this message above every time.

Because I am new to the Linux worl, I don't know what to do.
I would like to revert to 2.01 but don't know how.

I am not that techno savy;
Thanks
I get same error, and url is like this: http://localhost:9091/transmission/transmission/web/

It need to be like this: http://localhost:9091/transmission/web/
Then it works.

I don't know why I get duplicate /transmission in url.
Sino
Posts: 11
Joined: Sat Jun 19, 2010 1:43 pm

Re: Error 409: Web UI and Apache

Post by Sino »

I got the same error without duplicate rewrite rule, look at https://dl.comfun.org/transmission

Don't know why neither, how to correct it :/

It only work if I'm using first :9091 port en enter the password/login and opening it from /transmission in another tab of the explorer but after 1 or 2 hours it doesn't work again.

Must be something with cookie , I don't know really..
JoKeR
Posts: 1
Joined: Fri Aug 13, 2010 2:46 pm

Re: Error 409: Web UI and Apache

Post by JoKeR »

Apache:

Code: Select all

RewriteEngine on
RewriteRule          ^/mydaemon/(.*)          http://127.0.0.1:9091/transmission/web/$1 [P]
RewriteRule          ^/transmission(.*)         http://127.0.0.1:9091/transmission$1 [P]
new transmission address -> http(s)://www.address.com/mydaemon/
AUTH is used from transmission settings(!). nothing more.
Post Reply