EX2 Ultra OS5 HTTP access forbidden (HTTP ERROR 403)

I too have this very disturbing issue since the very last firmware upgrade (■■■■ me for upgrading!!). It looks like dashboard web access will only be allowed from these set of ip pool addresses
10.0.0.0
172.16.0.0
192.168.0.0
no other will work. And I have like 200.200.0.0 with tens of network devices with static ip addresses already set up and working fine and I’m not going to change the whole thing one by one because of this insane WD change update.
Could you WD guys please address this issue as soon as you can and bear in mind that not all the people all around the world have standard ip internal network set up?
Thanks a lot

I too have this issue after updating to the latest firmware on one of my EX2 Ultra’s. I am not using a 192.168 subnet and we should not have to change to that just to be able to use it. Holding off on updating any other units until this resolved.

I have the same issue. The NAS is part of a company network, so changing IP is not possible.
I can still access my shares, connection by ssh is possible, so why is http not working???

1 Like

I have the same denied access issue that only started with the recent WD update to MyCloud EX2 Ultra since I do not use the 198.168.x.x IP address. Like the others I can only access MyCloud via Window 10 folders and not the web UI. Since this was caused by a WD update please inform us when you will be releasing another WD update to fix this IP web UI access error?

Right or wrong. . . .

. . .OS/5 only permits access through private IP addresses

Private network - Wikipedia

I have been burned by this before (I think with Roku sticks)

Agreed WD web access is only private IP which I had working under WD OS 5 prior last weeks WD update. Problem is the WD update restricted access to just default IP like 192.168.x.x and a few others. I like many others here do not use default IP addresses. WD needs to fix the recent update.

WD,in an effort to loose market shares over NAS systems, has deliberately decided to prevent dashboard access from IP pools other than standard private ip sets.
The ones like me installing the nas over complex networks with non standard private IP setups, will have to refer to other products for the future as this puts a hard restriction for the ex2 to go for.
And, to be honest, this modification makes no sense at all.

Hello, I am also facing this problem, how do I change the NAS ip? Has anyone had the solution?

The IP setup is router driven.
You have to change it there.

Thanks for your attention, I use a fixed IP on my equipment, as I no longer have access via the web, I can’t change it.

We all have different reasons for not having the network setup WD gentlemen would like us to have, but they just don’t give a…, period. Neither they’re interested in the mess they’ve put their customers following this ■■■■ software “upgrade”.

The fix is ​​still not released after a week.
Either WD is not reading its forum or the issue is not important to WD.
But most likely, this is not a mistake and it was done specifically to limit the use of cheap NAS only in home networks.
Only a home user can be convinced that he is obliged to use some very funny restrictions.
Three my friends reported that their 16TB NAS has become bricks. They used static IPs.
Apparently in the near future we will have to spend a lot of money to switch to solutions from normal manufacturers.

Thanks.

1 Like

I too believed this was not a mistake, but then why allowing access to the nas via public ip pools within the lan for reading\writing files and deny access from the same ip set when logging to the dashboard? This just doesn’t make sense to me at all.

I think that set “right” IPs in the Apache configuration it’s is easy and looks like a bug for an regular user.
But if you do not rush to correct it, considering it not essential.
As a result, people like me and my friends and small companies will be forced to switch to more expensive solutions.
Private clients are not important and small companies will buying a product from WD, because have discounts from suppliers.

Well, after another 3 months, you can block access altogether.
Clients who hastily switched to new addresses and those who replace the NAS completely will no longer write angry posts, and the rest can say goodbye with their information.

In my case, 2x16TB EX2 Ultra + 3x16TB from my friends will be replaced by QNAP.

It will take about a week of my work time (because it’a different geo locations + double copy + settings/shares/software), if you count the cost of my work hour and the downtime of my friends… this is a huge loss during an already very heavy time.

The WD politics will cost me very dearly, thank for God that I no longer need buy hard drives from these scammers, SMR drives as server drives is fantastic fraud.

2 Likes

I have two EX2 with fixed ip addresses no more accessible via GUI, no more accessible via SSH after this upgrade. Only SMB service is running. When reading all of you, should I understand that the only solution is to trash all hardware and move to another vendor because I implemented fixed IP addresses outside local IP ranges 192.168.x etc … ?

Can’t WD developpers provide a HOW-TO to allow boot on USB in order to give us possibility to change the IP address of the NAS or to put it in DHCP mode ? Should not be a big effort for them to correct this major mistake ?

There has been some incorrect information floating about.

First. . . if you put the unit to a fixed IP and can no longer access it. . . .then you can do a “system restore”, which I bet will reset the network settings. This will wipe the users and parts of the custom configuration; but will leave the shares and data intact.

Second. . . all of this reminds me that the best way to assign static IP is from the Router; not the final device.

Third. . .I am still trying to figure out all the implications of the HTTPS redirect. Sounds like the redirect is LOCAL, but relies on a certificate that requires periodic updating? But the DNS lookup is remote? (and I imagine that the unit has to regularly contact the DNS server to provide the DNS lookup information. . .(regular could be every day, every hour, every second. . .I don’t know). This is a sore point for me.

NAS returned to Amazon and one Synology on arrival.
Problem solved.

Prior to the IOS5 upgrade, WD placed no apparent restrictions on the Private Address Range for the LAN.

Under IOS5, however, WD has restricted the permissible address ranges to those prescribed by the IANA -

Address Class Address Range
Class A 10.0.0.0–10.255.255.255
Class B 172.16.0.0–172.31.255.255
Class C 192.168.0.0–192.168.255.255

Based on feedback from WD Support, this was a priority action designed to address “Security Issues” .

Problem 1: the decision was implemented in the absence of any prior consultation with the My Cloud EXE Ultra user base. This is particularly concerning given that, from one IOS release to the next, a WD device that has formed part of an existing LAN without any issues would suddenly dictate a reconfiguration of that LAN - affecting all attached devices. It is clear from some of the posts in this thread that any form of reconfiguration would be extremely onerous (if not practically impossible).

Problem 2: there was no notification prior to the user accepting the OS5 upgrade that the upgrade would force a LAN reconfiguration if the LAN did not conform to IANA standards. This was critical – given that there is no OS5 downgrade option.

Problem 3: the WD Support Staff were not adequately briefed on the design decision and how it should be addressed following requests for assistance. In my interaction with support, I received the following pieces of advice ( none of which worked , some of which were risky and some of which required considerable time and effort) –

A 4 Second Reset.

A 40 Second Reset. Here I was advised to take a full data backup, cut the power (and hope for the best).

Try to access the Dashboard using the IP Address.

Try to access the Dashboard using Device Name.

Try making use of several different browsers.

Consult the My Cloud OS 5: Dashboard HTTPS Access “This site can’t be reached” article. Not particularly useful as I was dealing with an Access Denied issue.

Consult the My Cloud OS 5: Dashboard URL Doesn’t Redirect to HTTPS Device Unique Domain Name article. Not relevant.

Consult the My Cloud OS 5: How To Access the AdminUI Dashboard article . Not relevant.

Sincere thanks to the WD Community for the solution.

@JonFr, this restriction was relaxed in firmware 5.07.118 that just came out on Wed. Can you give that a try?

Web dashboard access restriction : Previously, we have restricted device configuration access from IP addresses that are not within the private IP ranges defined by RFC 1918 of the Internet Engineering Task Force. This is intended to prevent potential security exposure from the use of a public IP address, and the user is only allowed to configure My Cloud OS 5 with the following IP address ranges:

  • 10.0.0.0 - 10.255.255.255
  • 172.16.0.0 - 172.31.255.255
  • 192.168.0.0 - 192.168.255.255

In today’s firmware 5.07.118, we’ve modified and relaxed this restriction by allowing access from computers within the same subnet if user is using these IP addresses.

I can confirm that my restriction of login via http or ssh is now fixed by version 5.07.118, and I was not obliged to change my fixed IP address which was out of 10.x, 172.x or 192.168.x

I did nothing and simply received a mail confirming that the firmware update was successful. Two weeks of research to find no solution. We had to be patient. I have 2 other EX2, I will now check if remote backup is still running.

1 Like