Error opening the login server connection: For security reasons DTD is prohibited in this XML document. To enable DTD processing set the DtdProcessing property on the XmlReaderSettings to Parse and pass the settings into XmlReader.Create method #89

Open
neil2ball opened this issue Oct 7, 2023 · 2 comments

Comments

@neil2ball

I've been trying to access my ROBUST server using Radegast. I have it behind an Apache reverse proxy to take advantage of https and ModSecurity. Admittedly, this is a big part of the issue as I can access a localhost standalone region with no problems. However, https in OpenSim is a mess on its own. I managed to get it to work and it still refuses to play nice (as well as not benefit from ModSecurity protections), so I abandoned it for the time being. I have no problems accessing my ROBUST server and logging in with Firestorm.

I tracked down the DtdProcessing property in /libremetaverse/tree/master/LibreMetaverse.StructuredData/LLSD/XmlLLSD.cs line 68.

I changed it to Parse. After much wrangling, I managed to compile Radegast with the new LibreMetaverse.StructuredData. That did not work.

I later found https://www.assistmyteam.com/kb/workaround-on-error-for-security-reasons-dtd-is-prohibited-in-this-xml-document/

So I made sure that I was not behind two routers to get to the Internet. Still no dice.

So, let me try to clarify the position I'm in:

OpenSim requires some minor code changes to replace trying to use .pfx, .p12, or what have you. It's possible to do now since OpenSim uses .NET 6. That is really nice. It lets everything load without having to do certificate gymnastics. It will bind to the port and do what it is expected to do. Yet that prevents me from having ModSecurity protections on the ROBUST server since Apache cannot also bind to the port.

I intend to try using a dedicated server to test this configuration in the future for development. This I have not yet done because I'm starting a production environment and wanted something stable to use for now. I will get to it soon. That way I can test Radegast/libremetaverse hopefully without running into the DTD error. I will keep you posted.

So, for now, I'm stuck in this bind with Radegast/libremetaverse. I need this to work because I'm going to write some custom code for a Radegast plugin. Any help is greatly appreciated.

@github-actions

github-actions bot commented Oct 7, 2023

Thank you for taking the time to improve LibreMetaverse! We will review your contribution shortly.

@neil2ball
Author

Update: I tested it on another server that has a public ip address using https (with that little hack to OpenSim's BaseHttpServer that lets me use .pem files). That seems to work with no problem. I think the long-term solution might be to rewrite portions of OpenSim to allow the inclusion of ModSecurity natively.

Yet I'm still not sure why Radegast won't work despite having made the appropriate changes in libremetaverse. When I set DtdProcessing to Parse, nothing happens when I try to connect over https, whether on my production server or the test server that works with base Radegast.
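
Added example, not part of the thread and not LibreMetaverse code: a small .NET console probe showing how `XmlReaderSettings.DtdProcessing` reacts to a body that carries a DOCTYPE, and that `Ignore` with a null `XmlResolver` gets past the declaration without turning DTD parsing on. The class name `DtdProbe`, the helper `Describe` and both sample bodies are constructed for illustration; the HTML body is only a stand-in for any DOCTYPE-bearing response.

```csharp
using System;
using System.IO;
using System.Xml;

static class DtdProbe
{
    // Constructed samples: an LLSD-style XML reply and an HTML page with a DOCTYPE.
    const string LlsdBody =
        "<?xml version=\"1.0\"?><llsd><map><key>login</key><string>true</string></map></llsd>";
    const string HtmlBody =
        "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" " +
        "\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">" +
        "<html><body><p>Bad Gateway</p></body></html>";

    // Parse far enough to reach the root element and report what happened.
    static string Describe(string body, DtdProcessing mode)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = mode,
            XmlResolver = null // never fetch external DTDs or entities, whatever the mode
        };
        try
        {
            using var reader = XmlReader.Create(new StringReader(body), settings);
            reader.MoveToContent(); // skips the XML declaration and, under Ignore, the DOCTYPE
            return $"root element <{reader.Name}>";
        }
        catch (XmlException ex)
        {
            // Under Prohibit, any DOCTYPE raises the "DTD is prohibited" XmlException.
            return $"XmlException: {ex.Message}";
        }
    }

    static void Main()
    {
        foreach (var mode in new[] { DtdProcessing.Prohibit, DtdProcessing.Ignore })
        {
            Console.WriteLine($"{mode} / LLSD: {Describe(LlsdBody, mode)}");
            Console.WriteLine($"{mode} / HTML: {Describe(HtmlBody, mode)}");
        }
    }
}
```

Under `Prohibit` only the DOCTYPE-bearing body throws, so logging the root element name (or the first bytes of the response) on failure shows whether the parser was handed LLSD at all.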
