Can't display Dashboard - "You don't have permission to access /UI on this server."


#1

When I try to access Dashboard through WDC QuickView or typing http://mybooklive.local/ directly into my browser’s location bar, I get a 403 error with the following message:

“You don’t have permission to access /UI on this server.”

Elsewhere on this forum I grabbed a hint that it might have to do with disk and ethernet adapter being on different subnets.

Where can I see which subnet the disk is using? Or am i on the wrong track??

Help is much appreciated.

John


#2

What if you just reset it?


#3

The dashboard UI is only now accessible from an IP addess on the same Subnet as the the MyBook Live.


#4

Myron wrote:

The dashboard UI is only now accessible from an IP addess on the same Subnet as the the MyBook Live.

Thanks for your reply.

– That’s what I read about the subnet, too. But which subnet address do I have to assign to my computer?

DHCP, which would be the alternative, fails to establish a connection most of the time.


#5

ThePizzaMatrix wrote:

What if you just reset it?

Thanks for your reply. But sadly, still no connection after I reset the disk.


#6

If your MyBook Live and your computer are assigned IP addresses from the router’s DHCP server then it should be academic  as both should have unique IP addresses on the same subnet.

You have tried to press the reset button on the MyBook Live for more than 4 seconds?  That will reset the root password to it’s defailt, clear the owner’s password and reset the network setings of the MyBook Live to get it’s IP address from the router’s DHCP server.  You’ll need to check on the router to see what IP address it gives to your MyBook Live then try access the dashboard not by the name you’ve assinged to the MyBook Live but using it’s DHCP assigned IP address.

See if that works.

(This is under the assumption you’'ve set a static IP address on the MyBook Live and you’ve either forgotten it or you set it and forgot it. There is also the rare case that the networking settings have cot screwed up a bit, somehow…)


#7

Myron,

Sorry, I should have said in the beginning that there’s no router in between. I need to establish a direct connection between the disk and the computer over ethernet.

I guess I’m beyond the original topic now. Last night and right now I can’t even establish a direct connection.

I’ve followed the advice given in a WDC support note, which did work for me exactly once so far.

You can connect the My Book Live, WD My Book World Edition, or WD ShareSpace hard drive to your computer’s Ethernet port and set the computer to use a dynamic IP Address to locate the hard drive. Reboot the computer and the WD My Book World Edition or WD ShareSpace hard drive once you’ve connected the drive directly to the computer and have reconfigured the computer’s Ethernet port to use DHCP.

I appreciate any help, but maybe I need to start a new topic.

Thanks so far,

John


#8

I’m not too confident, but maybe the problem is solved. I’ve connected MyBook to a router so that I could finally open Dashboard. As DHCP didn’t work reliably with a direct connection, I have now set the follwing static addresses, which work from what I can tell right now:

Computer:

IP 192.168.4.1

Subnet 255.255.255.128

MyBook

IP 192.168.4.2
Netmask 255.255.255.128
Gateway 192.168.4.1
DNS Server 192.168.4.1

Not sure if I needed to specify a gateway.


#9

It’s possible to change the firmware (Debian Linux) to remove this limitation:

To enable SSH access to the NAS, go to this page: http://your_mbl_address/UI/ssh

In the file “/etc/network/if-up.d/local-net”, comment the following line with a “#”:
     # echo “Allow from $LOCAL_NET.” >> “${TMP_ALLOW_FILE}”
and add the following line:
     echo “Allow from all” >> “${TMP_ALLOW_FILE}”
Then run the script “/etc/network/if-up.d/local-net” to apply the change.

This change should persist over time and reboot. Maybe a firmware update will require repeat the procedure.

P. S. Use “nano” as a text editor


#10

I did see this file created in the /tmp directory and it’s good to know where it’s created. I’ve been trying to find where the configuration file created in the /tmp folder is referenced.

The other concern if W.D. configured the Apache2 web server to deny access to CakePHP from outside the local network subnet then it’s got to be a workaround to mitigate a security issue where a hacker could fain full access to the MyBook Live if the Dashboard UI is exposed to the Internet.

So, my question is: " What is the actual reason W.D. configured Apache2 to prevent access to the Dashboard UI from being accessed from outside the local subnet?"


#11

Hi,

I have been trying to get your idea to work.

I have added # to “Allow from $LOCAL_NET.” >> “${TMP_ALLOW_FILE}” in nano and added  echo “Allow from all” >> “${TMP_ALLOW_FILE}” and pressed control s to save it to nano.

But im not sure how to run the script?

Im new to debian so if possable to do so could you show me how?

Cheers,

Danad


#12

Just type this line in the command shell to run the script OR you can reboot your MyBook Live to apply the change: /etc/network/if-up.d/local-net


#13

Or do this alteration . . .

File: /etc/apache2/sites-available/wdnas
Line: 50

# comment this line if remote WebUI access is needed (WAN access)
    Include /tmp/allow.conf

That’s how those two lines exist officially within the installed firmware.