Forbidden: Access denied to my book live UI

I was happily copying some stuff over to my new MBL, when it suddenly restarted.

Everything seems to be working fine except for the web UI. I can do everything, access files, even have SSH on and it's working. But the UI gives me a 403 error.

Simply stating:

Forbidden

You don’t have permission to access /UI on this server.

I have no clue on why this changed like that. I assume that due to the reboot some files must have been re-generated, and they changed some permissions or so…

Anyone any clue on how to get this working again? That would be great.

Regards,

Do you have SSH enabled? There are some threads here that might show you how to access the UI.

Yes, SSH still enabled. Which posts are you referring to?

File is:  /etc/apache2/sites-available/wdnas

Line 50:

# comment this line if remote WebUI access is needed (WAN access)
    Include /tmp/allow.conf

Might work. Remember not to forward port 80 from your MyBook Live to the Internet or have your MyBook Live on the DMZ.  It removes the restriction as noted in the comment on line 50.

Do this at your own risk!


I do not know what security vulnerabilities exist within CakePHP so as soon as you make the UI available to the WAN then you may find out that your MyBook Live is not your own but someone else’s.

You may need to re-start the Apache2 web server or re-start the MyBook Live.

Myron wrote:

File is:  /etc/apache2/sites-available/wdnas

Line 50:

# comment this line if remote WebUI access is needed (WAN access)
    Include /tmp/allow.conf

Might work. Remember not to forward port 80 from your MyBook Live to the Internet or have your MyBook Live on the DMZ.  It removes the restriction as noted in the comment on line 50.

Do this at your own risk!

I do not know what security vulnerabilities exist within CakePHP so as soon as you make the UI available to the WAN then you may find out that your MyBook Live is not your own but someone else’s.

You may need to re-start the Apache2 web server or re-start the MyBook Live.

I had the same problem at work when trying to connect with the UI. The above method should work, but a safer option is to go to the /tmp/allow.conf and put in your current IP. I just use FileZilla and add the IP I am currently at and it works.

I’m assuming you’re creating an SFTP connection and have set the user root password to something very secure?  Using the normal FTP daemon/service does not allow access to /tmp/allow.conf

Be aware that at any time /tmp/allow.conf could be re-written. It does make sense to add the public IP of where you’re at to /tmp/allow.conf as opposed to just removing the restriction altogether, but it does mean having the SSH service (port 22) permanently accessible to the Internet so the required changes can be made.

It’s possible to change the firmware (Debian Linux) to remove this limitation:

To enable SSH access to the NAS, go to this page: http://your_mbl_address/UI/ssh

In the file “/etc/network/if-up.d/local-net”, comment the following line with a “#”:
     # echo "Allow from $LOCAL_NET." >> "${TMP_ALLOW_FILE}"
and add the following line:
     echo "Allow from all" >> "${TMP_ALLOW_FILE}"

Then run the script “/etc/network/if-up.d/local-net” to apply the change.

You can change “Allow from all” for a more restrictive access like “Allow from 123.123.123” where “123.123.123” is the subnet IP address of your remote location which is outside of your private subnet. You can add as many lines as needed. See this page for more information: http://httpd.apache.org/docs/2.2/howto/access.html

This change should persist over time and reboot. Maybe a firmware update will require repeating the procedure.

P. S. Use “nano” as a text editor
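
A way to check what the include file permits before and after editing it, as an added example that is not part of the thread or of the device firmware: the script classifies every `Allow from` entry in a file like /tmp/allow.conf, so an `Allow from all` or a public address stands out. The class labels (OPEN, PRIVATE, EXTERNAL), the function names and the sample file are constructed for illustration.

```shell
# Added example: audit "Allow from" entries in an Apache 2.2 include file.

# Classify one entry: OPEN (all), PRIVATE (RFC 1918 / loopback), EXTERNAL (rest).
classify_entry() {
    case "$1" in
        [Aa][Ll][Ll]) echo OPEN; return ;;
        *[A-Za-z]*)   echo EXTERNAL; return ;;   # hostname or env= form
    esac
    # Append "." so partial addresses such as "10" or "192.168" match too.
    case "$1." in
        10.*|127.*|192.168.*)                  echo PRIVATE ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo PRIVATE ;;
        *)                                     echo EXTERNAL ;;
    esac
}

# Print "CLASS entry" for every address on every active Allow line.
audit_allow_conf() {
    while read -r directive _from entries || [ -n "$directive" ]; do
        case "$directive" in
            [Aa][Ll][Ll][Oo][Ww]) ;;
            *) continue ;;            # comments, blanks, other directives
        esac
        for entry in $entries; do
            printf '%s %s\n' "$(classify_entry "$entry")" "$entry"
        done
    done < "$1"
}

# Count entries of one class, e.g. count_class /tmp/allow.conf OPEN
count_class() {
    audit_allow_conf "$1" | awk -v c="$2" '$1 == c { n++ } END { print n + 0 }'
}

# Constructed sample file (not taken from a real device).
write_sample() {
    cat > "$1" <<'EOF'
Allow from 192.168.1.
Allow from 203.0.113.7 10.8
# Allow from all
Allow from all
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_allow_conf "$sample"
echo "open entries: $(count_class "$sample" OPEN)"
rm -f "$sample"
```

Because /tmp/allow.conf can be rewritten at any time, as noted above, the check is worth re-running after a reboot or network change.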