403 -Forbidden

[lawrencezarb]

I have done a embeeded install of ver 9.3.0.2.1213, and now when I try and access the webgui from outside my network I get the above message.

The NIC is set with a Static router and uses the same config as version 9.2 which worked fine.

[apollo567]

strange, with 1213 DHCP should work again, please try as workaround static IP adress

[lawrencezarb]

Hi, I am using a static IP address for the NAS!

[apollo567]

ok, then try DHCP !

[alexey123]

If you try access to webgui from outside your network, you need allow outside ip address on System|General Setup page, Hosts allow entry. Also you need allow your network

Example

where 88.88.88.88 is allowed ip address

[apollo567]

from outside your network

You are right alexey, I had overread this fact, as I had the similar Problem because of broken DHCP with 1190.

[lawrencezarb]

Hi, that worked, but now how do I allow gui access from ALL my PC's connected on the LAn without having to enter all their ip addresses invidually?

[alexey123]

Put CIDR entry. As 192.168.1.0/24 -- in this case you allow access from all LAN

[Lee Sharp]

I like 192.168.0.0/16 myself. Too often I am on an IPSEC vpn and cursing because I forget to set it.

[tegoo]

Must be allowed to require network,Or allow all network

[delta_x]

Hi, I need some help to allow remote access to web gui.
I use a DDNS (xxxx.no-ip-info), how configure the "hosts allow" to permit remote access from internet ?
The ports needed on router are open, and the version 9.2 worked.
Thanks for your help.

[sebasb]

Hi, I need some help to allow remote access to web gui.
I use a DDNS (xxxx.no-ip-info), how configure the "hosts allow" to permit remote access from internet ?
The ports needed on router are open, and the version 9.2 worked.
Thanks for your help.

I've tried 0.0.0.0/0 or /1, 255.255.255.255/255 to not avail as well. Kinda stuck on this due to my not so good knowledge. Sometimes I need to access it from my tablet or other customers.

If someone knows how to allow from everywhere it will be great.

Thanks

[sebasb]

I found some progress, with 128.0.0.0/1, ot sure I will be able to access it from everywhere though

[sarwanov]

Its very interesting post you shared.Thanks a lot

[leo1986pc]

this option should be disabled...

[leo1986pc]

If I want to configure my NAS via mobile phone across a LTE connection, how could I predict my IP address and set it in my configuration?

[delta_x]

this option should be disabled...

How disable this option ?

[leo1986pc]

Sorry, i mean that I want to disable but i'm not able to do it.

[delta_x]

I'm stuck, I can not access from the internet
In version 9.2 all correct and working in 9.3 does not allow access, always the "403 - Forbidden"...

Maybe I will have to leave this crap version and format again with 9.2.
The most amazing is that've looked everywhere and I find no answer.

Perhaps one of the experts who frequent this forum may clarify this question, I'm sure there's a lot more people with this problem.

[tgtechno]

Hi, I need some help to allow remote access to web gui.
I use a DDNS (xxxx.no-ip-info), how configure the "hosts allow" to permit remote access from internet ?
The ports needed on router are open, and the version 9.2 worked.
Thanks for your help.

I've tried 0.0.0.0/0 or /1, 255.255.255.255/255 to not avail as well. Kinda stuck on this due to my not so good knowledge. Sometimes I need to access it from my tablet or other customers.

If someone knows how to allow from everywhere it will be great.

Thanks

I have the exact same problem 9.3.0.2 (1349) ... can't get to the WebGUI from outside the local network and I was able to on previous revision(s) of the firmware (9.2.x.x).

[zakroma]

When Im trying to add a range of IPs into the Hosts allowed box, I get the

Code: Select all

Webserver document root is missing.

How do I resolve it?

UPD just disabled the webserver service and it all worked just fine

[tgtechno]

Hi, I need some help to allow remote access to web gui.
I use a DDNS (xxxx.no-ip-info), how configure the "hosts allow" to permit remote access from internet ?
The ports needed on router are open, and the version 9.2 worked.
Thanks for your help.

I've tried 0.0.0.0/0 or /1, 255.255.255.255/255 to not avail as well. Kinda stuck on this due to my not so good knowledge. Sometimes I need to access it from my tablet or other customers.

If someone knows how to allow from everywhere it will be great.

Thanks

I have the exact same problem 9.3.0.2 (1349) ... can't get to the WebGUI from outside the local network and I was able to on previous revision(s) of the firmware (9.2.x.x).

Tried a lot more troubleshooting and still cannot get the WebGUI using version 9.3.0.2 (1349) to work from outside a local network:

• Access to the WebGUI through the local network with the "hosts allow" box blank works fine.
• Previous version(s) worked fine - this is a problem that showed up after 'upgrading.'
• I tried adding all sorts of combinations for the "hosts allow" field to allow ALL IPs access to the WebGUI from other IPs with no success, similar to what sebsab did (i.e. put in 0.0.0.0/0 which should allow any IP to access the system and specific external IPs I knew I was using). I still get the "403 - Forbidden" page.
• I have tried switching from https:// to http:// and also changed the security certificate with no success. I confirmed the port forwarding was enabled to use port 443 for https and 80 for plain http.
  It is clear the outside networks are reaching the NAS4Free box as I get the notification that a new certificate is being used when using https:, but then the 403 page shows up again.
• I temporarily enabled the webserver service to serve up plain pages, and that works fine from external IPs

Can anyone help, please?

[armandh]

for storage files, enable the web server...
pick a port number and set webserver to the desired share and enabled the index page
then setting the router IP forwarding such that the wan side (IP):8086 forwards to the (N4F-IP):8086 port
it just worked, in my case browsing.....
from the lan 192.186.xxx.xxx:8086 and from the internet side [router wan side IP]:8086

port 80 is the set up web page, avoid it or forward it depending on your wish.

[tgtechno]

for storage files, enable the web server...
pick a port number and set webserver to the desired share and enabled the index page
then setting the router IP forwarding such that the wan side (IP):8086 forwards to the (N4F-IP):8086 port
it just worked, in my case browsing.....
from the lan 192.186.xxx.xxx:8086 and from the internet side [router wan side IP]:8086

port 80 is the set up web page, avoid it or forward it depending on your wish.

I am not interested in running the webserver, only accessing the NAS4Free WebGUI remotely. I enabled the webserver service only to see if the NAS4Free box responded to WAN IP requests (it did), however the WebGUI still does not respond to WAN IPs even with the webserver service OFF. There must have been a code change because this did work in earlier NAS4Free versions.

I will try a non-standard port for the WebGUI (such as 8086) and see if that helps.

[tgtechno]

for storage files, enable the web server...
pick a port number and set webserver to the desired share and enabled the index page
then setting the router IP forwarding such that the wan side (IP):8086 forwards to the (N4F-IP):8086 port
it just worked, in my case browsing.....
from the lan 192.186.xxx.xxx:8086 and from the internet side [router wan side IP]:8086

port 80 is the set up web page, avoid it or forward it depending on your wish.

I am not interested in running the webserver, only accessing the NAS4Free WebGUI remotely. I enabled the webserver service only to see if the NAS4Free box responded to WAN IP requests (it did), however the WebGUI still does not respond to WAN IPs even with the webserver service OFF. There must have been a code change because this did work in earlier NAS4Free versions.

I will try a non-standard port for the WebGUI (such as 8086) and see if that helps.

OK, I think I resolved the issue ... for some reason the 'hosts allow' box doesn't seem to process the string 0.0.0.0/0 ... but it doesn't report it as a malformed CIDR address either. I was led to believe this string would allow the entire internet to access the WebGUI.

The 'hosts allow' DOES process the following string:
0.0.0.0/1 128.0.0.0/2 192.0.0.0/3 224.0.0.0/4 240.0.0.0/5 248.0.0.0/6 252.0.0.0/7 254.0.0.0/8

which allows any IP between 0.0.0.0 - 255.0.0.0 to access the WebGUI which meets my need.

[Pappmann]

The 'hosts allow' DOES process the following string:
0.0.0.0/1 128.0.0.0/2 192.0.0.0/3 224.0.0.0/4 240.0.0.0/5 248.0.0.0/6 252.0.0.0/7 254.0.0.0/8

which allows any IP between 0.0.0.0 - 255.0.0.0 to access the WebGUI which meets my need.

That works, great!

Thanks

[Lee Sharp]

This bit me again today at a client. I forgot I would be locked out, and it was plugged into a network I had no direct access to so I couldn't plug in a laptop and allow access. It sure would have been nice to be able to ssh in and fix this. Or have it default to "open" and not "closed" since you can easily lock yourself out.

[ChriZathens]

IIRC, via ssh you can edit lighttpd. conf, restart lighttpd and webui is accessible again. You can then enter webui, insert desired range in webui and it will survive the reboot.
Temporar fix, I know...
And I agree that this setting should be disabled by default. In the future I suppose it will be fixed.

[delta_x]

Thanks, they work

OK, I think I resolved the issue ... for some reason the 'hosts allow' box doesn't seem to process the string 0.0.0.0/0 ... but it doesn't report it as a malformed CIDR address either. I was led to believe this string would allow the entire internet to access the WebGUI.

The 'hosts allow' DOES process the following string:
0.0.0.0/1 128.0.0.0/2 192.0.0.0/3 224.0.0.0/4 240.0.0.0/5 248.0.0.0/6 252.0.0.0/7 254.0.0.0/8

which allows any IP between 0.0.0.0 - 255.0.0.0 to access the WebGUI which meets my need.

[joker_75]

really great job
after 3 days workin on it with no result and lots of forums full of stuff that want work this was rescue for my nas befor i drop it out of the window

great thanks for that

i just took it in via copy and paste and all probs where gone.