Can you remotely administer MyBookLiveDuo

THIS COULD OPEN YOU UP TO POTENTIAL HACKS

The file you want to edit is at

/tmp/allow.conf

To allow any IP access to the dashboard, edit the file to

<Directory /var/www/UI>
Order Allow,Deny
Allow from all
</Directory>

Stop and start the apache server

MyBookLive:~# /etc/init.d/apache2 stop
8518: old priority 0, new priority 0
Stopping web server: apache2 ... waiting .
MyBookLive:~# /etc/init.d/apache2 start
8576: old priority 0, new priority 0
Starting web server: apache2.

Make sure you have a secure dashboard password set

Who knows what kinda hacks this can open you up to :wink:

For more information

http://library.linode.com/web-servers/apache/configuration/rule-based-access-control

I didn’t have any luck with the following, but you might. Obviously you would change the 22.22. to the IP address of the machine you would be accessing the MBL from. 192.168. needs to be left there for local access.

<Directory /var/www/UI>
Order Deny,Allow
Deny from all
Allow from 192.168.
Allow from 22.22.
</Directory>

Stop and start the apache server

MyBookLive:~# /etc/init.d/apache2 stop
8518: old priority 0, new priority 0
Stopping web server: apache2 ... waiting .
MyBookLive:~# /etc/init.d/apache2 start
8576: old priority 0, new priority 0
Starting web server: apache2.

TAKEN FROM THE ABOVE LINK

To parse this in more simple terms:

  • The “Order Deny,Allow” directive tells the web server that “Deny” rules should be processed before Allow rules.
  • The “Deny from all” directive tells the web server that all users should be denied access to the given resource. This rule is processed first.
  • The “Allow from” directive tells the web server that requests originating at the IP address “22.22.*.*” should be allowed. This is processed last, and represents an exception to the “Deny from all” rule.

In short, all hosts except for 192.168.*.* and 22.22.*.* are denied access to this resource.

Alternatively you could edit the section in red for the file wd-nas

/etc/apache2/sites-available/wd-nas

<VirtualHost *:80>
	ServerAdmin webmaster@localhost

	DocumentRoot /var/www/

	<IfModule mod_rewrite.c>
		RewriteLog /var/log/apache2/rewrite.log
		RewriteLogLevel 0

		RewriteEngine On

		# address-only access redirected to User Interface
		# RewriteRule ^/$ /UI/ [R]

		# relocate UI

		# relocate administrative REST
		RewriteRule ^/api/1.0/rest/(.*) /Admin/webapp/htdocs/api/1.0/rest/index.php [L]
	</IfModule>

    <IfModule mod_rewrite.c>
        # configure landing page for webdav applet
        RewriteRule ^/LandingPage /Admin/webapp/htdocs/securityCheck.php [L,R]
    </IfModule>

	# additional environment variables to pass to CGI and SSI
	# any way to use DocumentRoot/DOCUMENT_ROOT???
	SetEnv __ADMIN_API_ROOT /var/www/Admin

	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>

	<Directory /var/www/>
		Options -Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>
	
    # block application folders from being served
    <Directory /var/www/Admin/webapp/config/>
            Order deny,allow
            Deny from all
    </Directory>
    <Directory /var/www/Admin/webapp/classes/>
            Order deny,allow
            Deny from all
    </Directory>
    <Directory /var/www/Admin/webapp/includes/>
            Order deny,allow
            Deny from all
    </Directory>

    <Directory "/var/www/UI/app/webroot/">
        RewriteEngine On
        RewriteBase /UI/
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]
	</Directory>

    # comment this line if remote WebUI access is needed (WAN access)
    Include /tmp/allow.conf
    
	<Directory "/var/www/UI">
        RewriteEngine on
        RewriteBase /UI/
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule ^$ app/webroot/
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule (.*) app/webroot/$1 [L]
		php_value memory_limit 1G
    </Directory>
        
	### unused at this time
	### ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
	### <Directory "/usr/lib/cgi-bin">
	###	AllowOverride None
	###	Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
	###	Order allow,deny
	###	Allow from all
	### </Directory>

	ErrorLog /var/log/apache2/error.log

	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn

	###CustomLog /var/log/apache2/access.log combined

	### not used at this time
	### Alias /doc/ "/usr/share/doc/"
	### <Directory "/usr/share/doc/">
	###	Options Indexes MultiViews FollowSymLinks
	###	AllowOverride None
	###	Order deny,allow
	###	Deny from all
	###	Allow from 127.0.0.0/255.0.0.0 ::1/128
	### </Directory>

    ############################
    # WebDav Extension
    ############################
    
    Include /etc/nas/apache2/auth/alias.inc
    Include /etc/nas/apache2/auth/require.inc

    #############################

</VirtualHost>

Simply change it to

# comment this line if remote WebUI access is needed (WAN access)
# Include /tmp/allow.conf
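To see which client addresses each allow.conf variant above actually admits, the following added example (not part of the original post, and not Western Digital's or Apache's code) evaluates the Apache 2.2 Order/Allow/Deny rules against a list of addresses. The function names and the sample client addresses are assumptions made for illustration; only IPv4 values and the two-way orderings are handled, not hostnames or mutual-failure.

```python
import ipaddress
import re

def host_matches(spec, ip):
    """Match one 'Allow/Deny from' value: all, partial IPv4, full IPv4 or CIDR."""
    spec = spec.lower()
    if spec == "all":
        return True
    if "/" in spec:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    if len(octets) < 4:  # partial address: compare whole leading octets only
        return ip.startswith(".".join(octets) + ".")
    return ip == spec

def parse_block(text):
    """Collect the Order / Allow from / Deny from lines of one <Directory> block."""
    rules = {"order": "deny,allow", "allow": [], "deny": []}  # Apache 2.2 default order
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"(?i)order\s+(.+)$", line)
        if m:
            rules["order"] = m.group(1).replace(" ", "").lower()
            continue
        m = re.match(r"(?i)(allow|deny)\s+from\s+(.+)$", line)
        if m:
            rules[m.group(1).lower()].extend(m.group(2).split())
    return rules

def is_allowed(rules, ip):
    allow = any(host_matches(s, ip) for s in rules["allow"])
    deny = any(host_matches(s, ip) for s in rules["deny"])
    if rules["order"] == "allow,deny":
        return allow and not deny  # default deny; a Deny match wins
    return allow or not deny       # deny,allow: default allow; an Allow match wins

def audit(conf, clients):
    """Return {client_ip: admitted?} for one configuration block."""
    rules = parse_block(conf)
    return {ip: is_allowed(rules, ip) for ip in clients}

# The two allow.conf variants shown in the post
OPEN = "<Directory /var/www/UI>\nOrder Allow,Deny\nAllow from all\n</Directory>"
RESTRICTED = ("<Directory /var/www/UI>\nOrder Deny,Allow\nDeny from all\n"
              "Allow from 192.168.\nAllow from 22.22.\n</Directory>")
# Constructed sample client addresses (not from the post)
CLIENTS = ["192.168.1.10", "22.22.5.9", "203.0.113.7", "22.220.1.1"]

if __name__ == "__main__":
    for name, conf in (("open", OPEN), ("restricted", RESTRICTED)):
        print(name, audit(conf, CLIENTS))
```

With the restricted block, 22.220.1.1 is refused even though it begins with the characters "22.22", because a partial address matches whole octets only.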