You don't have permission to access /UI on this server

Hi,

I have set up MyCloud and created the ID and password. Everything is fine, and I can log on via browser:
http://192.168.1.5/UI

But when I tried to access it from a remote site via VPN, it shows “You don’t have permission to access /UI on this server”

The remote site IP is 192.168.2.x. Is it a MyCloud security issue? Please advise, thanks.

It’s not a security issue but, on the other hand, a security measure. You can only access the Dashboard locally via subnet 192.168.1.0/24.

Yes, I can access it via 192.168.1.x/24, but if I access it via 192.168.2.x/24, it doesn’t!

Oh, you mean I can only access it locally via 192.168.1.x/24. In that case, accessing it via the WAN or VPN is impossible!

Yes, your VPN IP is in the 192.168.2.0/24 range, NOT 192.168.1.0/24, and WD only allows Dashboard access from 192.168.1.0/24 (192.168.1.1 - 192.168.1.255).

You need dangerous security modifications to remove this restriction (which I’ll not cover here), and they would probably void the warranty.

OMG! Why did WD design this product so stupxx!!! Even other firewall products allow administrators to access them via WAN or VPN ~ WD MyCloud… it is a nightmare!!!

I’m not defending WD, but this is for a good cause. Imagine if this restriction were not implemented and remote access were enabled: the NAS login page could get brute-force attacks.

Since you’re using a VPN and I assume you have some networking experience, you can create a tunnel to view the Dashboard. SSH from your VPN to the MyCloud and create a tunnel which you can access via the browser.

See my similar post here:

I am an IT guy, and I know that it is a security issue, but if there is no IT guy at the 192.168.1.x site, that is trouble!

For the first-time setup, I used Teamviewer to remotely access a PC at the remote site and then set up the WD MyCloud ID and password, which was fine. But I cannot run Teamviewer to access a remote-site PC every time I need to do an admin task on MyCloud, as those PCs are always busy!

I would not suggest going through the WAN, but via VPN I think it is OK. Can you advise how to enable this feature on WD MyCloud? Many thanks.

OK, IT guy, set up the VPN -> SSH tunneling as I described in the previous post. You will have full access to the 192.168.1.x site. No modifications needed :stuck_out_tongue:

The problem with this is if you remove the restriction to allow VPN, it will also allow dangerous WAN access directly to the MyCloud.

Instead add your VPN subnet to the restriction:
sed -ri 's/(\$\{LOCAL_NET\})$/\1 192.168.2.0\/24/' /etc/apache2/sites-available/wdnas-ui.conf>/dev/null 2>&1;

Then restart the daemon:
service apache2 restart;

I assumed above modifications are done on a Gen1 Single Bay MyCloud firmware v4. Modifying any part of the device may void your warranty.
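
The post above warns that loosening the restriction too far also opens the Dashboard to the WAN. As an added example (not the poster's or WD's code), this wraps the same sed substitution so that it accepts only RFC 1918 ranges, is safe to re-run, and leaves a backup; the function names and the sample config line are assumptions.

```shell
#!/bin/sh
# Added example, not WD's or the poster's code.

# is_private_cidr CIDR: succeeds only for a.b.c.d/len that lies entirely
# inside 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16 (RFC 1918).
is_private_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    ip=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    case "$ip" in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    [ "$len" -le 32 ] || return 1
    if [ "$1" -eq 10 ] && [ "$len" -ge 8 ]; then return 0; fi
    if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] &&
       [ "$len" -ge 12 ]; then return 0; fi
    if [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && [ "$len" -ge 16 ]; then return 0; fi
    return 1
}

# add_vpn_subnet CONF CIDR: the thread's substitution, but refused for
# non-private ranges, a no-op if already applied, with a backup at CONF.bak.
add_vpn_subnet() {
    conf=$1; cidr=$2
    is_private_cidr "$cidr" || { echo "refusing non-private range: $cidr" >&2; return 2; }
    if grep -Fq " $cidr" "$conf"; then return 0; fi
    grep -Eq '\$\{LOCAL_NET\}$' "$conf" || { echo "no \${LOCAL_NET} line" >&2; return 3; }
    cp -p "$conf" "$conf.bak" || return 4
    sed -E 's|(\$\{LOCAL_NET\})$|\1 '"$cidr"'|' "$conf.bak" > "$conf"
}

# Constructed sample: the thread does not show wdnas-ui.conf, so a single
# line ending in ${LOCAL_NET} is assumed here.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' 'Allow from ${LOCAL_NET}' > "$f"
    add_vpn_subnet "$f" 192.168.2.0/24 && cat "$f"
    add_vpn_subnet "$f" 0.0.0.0/0 || echo "0.0.0.0/0 rejected"
    rm -f "$f" "$f.bak"
}
demo
```

On a Debian-style Apache install, `apache2ctl configtest` can be run before restarting the daemon to confirm the edited file still parses.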

Hi Nazar78,

Modify the /etc/apache2/sites-available/wdnas-ui.conf file and restart the daemon. OK, thanks.

When I add the local net info there’s no error, cat wdnas-ui.conf shows edits…
However when I service apache2 restart I get an error
“-sh: service:not found”
Should I be in a different location in the SSH session before using the restart command? When I use the reboot command it reboots the drive, and the modification made to wdnas-ui.conf is no longer there.

When at root, doing “/etc/apache2 restart”
I get a “Permission denied” error message .

I’m on the current version 2.21.111

Erm this mod is only supported on MyCloud single bay Gen1 devices firmware v3/v4. The only MyCloud that supports permanent (survive reboots) modifications to its rootfs.

Thanks for the info, Nazar… Never fails for a company to make their hardware less appealing as the gens go up. lol

Well, depending on what kind of router you have, you can modify the subnet used when connecting to the VPN. For example, on the Asus routers, you can access the advanced settings from the dropdown in the VPN Server tab and change the client ip address to 192.168.1.x ~ 192.168.1.x. Just be sure to change the DHCP IP Pool Starting Address to something above the range specified in the VPN settings.

I am able to access the UI of the MyCloud from anywhere remotely as long as I connect to my router via VPN.

Hi All,

You can edit the Apache config file as you wish via SSH and then always access it from everywhere.

Please follow the steps below:

0- Run this command to create a backup file: “cp /usr/local/apache2/conf/httpd.conf /usr/local/apache2/conf/httpd.conf_orj”
1- Edit and update the file with the command “vi /usr/local/apache2/conf/httpd.conf”
2- Delete the “RequireAny” tag everywhere
3- apache restart web
4- You will be able to access it from any subnet

---------------- You must be see latest situation for httpd.conf Removed the RequireAny tag ---------------


---------------- Original File ---------------

