Menu
What's new
By:
Filters Better Search

Enable Web Access from WAN via HTTP

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

B

bmn1

Senior Member
I Just updated my RT-AC87 from 380.69_2 to 384.4_0. I'm having issues connecting to my router from my phone. Obviously I see now that there is some new requirement to only allow access via wan using HTTPS. I know some people have super Top Secret data they are hiding on their devices and need the most absolute secure systems possible. But I'm fine with just using HTTP and prefer not to be bothered with using Lets Encrypt. This is the whole reason we "root", "Jailbreak", and use "Custom" firmware to allow us more options and to decide how we need our systems configured. I'm not sure why this is being forced upon users in the first place.

How can I DISABLE this behavior and allow connections via HTTP? If it can't be done then what version did this become a requirement so that I can downgrade back to the highest version that this wasn't required?

Thanks in advance
 
You don’t have to use Let’s Encrypt. Just auto generate the self signed certificate via the GUI and then add the exception to your browser the first time you connect. Never have to worry again!


Sent from my iPhone using Tapatalk
 
Excellent! I didn't realize there was a self-sign option. The option reads "Import/Persistent Auto-generated" so I assumed this was only an option to "Import a Certificate" rather than "Import" or "Auto Generate".

Thanks for that helpful info, much appreciated!
 
bmn1 said:
I Just updated my RT-AC87 from 380.69_2 to 384.4_0. I'm having issues connecting to my router from my phone. Obviously I see now that there is some new requirement to only allow access via wan using HTTPS. I know some people have super Top Secret data they are hiding on their devices and need the most absolute secure systems possible. But I'm fine with just using HTTP and prefer not to be bothered with using Lets Encrypt. This is the whole reason we "root", "Jailbreak", and use "Custom" firmware to allow us more options and to decide how we need our systems configured. I'm not sure why this is being forced upon users in the first place.

How can I DISABLE this behavior and allow connections via HTTP? If it can't be done then what version did this become a requirement so that I can downgrade back to the highest version that this wasn't required?

Thanks in advance
Click to expand...
I am VERY surprised that a dozen or more folks have not jumped on you for even suggesting connection from the WAN. With http even worse!
In the last week my Asus router has logged 23 external attacks. Most are Netcore Backdoor Access Exploits. All have been blocked, I hope!
If you need to access your router from the internet, please use OpenVPN. Easy to set up on the router and your phone be it iOS or Android. If you insist on using the WAN access I sure hope you have off line images of your devices and recent backups.
 
bbunge said:
I am VERY surprised that a dozen or more folks have not jumped on you for even suggesting connection from the WAN. With http even worse!
In the last week my Asus router has logged 23 external attacks. Most are Netcore Backdoor Access Exploits. All have been blocked, I hope!
If you need to access your router from the internet, please use OpenVPN. Easy to set up on the router and your phone be it iOS or Android. If you insist on using the WAN access I sure hope you have off line images of your devices and recent backups.
Click to expand...

My need for accessing my router via WAN is so that I can wake up my Desktop when I'm not home via WOL. Back when I was using DD-WRT there was a way to do this by setting up a static ARP entry, but I never found a solution to this with RMerlin firmware. I guess maybe I need to research and see if there are any new methods available for waking up remote computers without having to access the routers WOL page directly.
 
I suggest you can start reflash and factory reset if you have already been leaving your router in Wan access for sometime... this is crazy...

Do you know how crazy the internet world is. Daily u see few hundreds of ip from all over the world probing for backdoor/vulnerabilities on your router and u just given them a chance to enter...

if compromised, good hacker would not even let you know they have already enter and took over your router and ability to access devices connected to it.
 
@bmn1 You should setup OpenVPN server on your router, and install OpenVPN in your personal phone/laptop to access you home network. Once connected, you will be able to access your router WebUI much more securely. In this case, you don't have to allow access to WAN, which I must say, is likely to be the main entrance for hackers to Asus routers, HTTPS or not. With most possible hacks that got reported in this forum, mine included, I found that WAN access was likely to be opened at the time of hacking.

As @DonnyJohnny says, you should reflash and factory reset your router before anything.
 
bmn1 said:
My need for accessing my router via WAN is so that I can wake up my Desktop when I'm not home via WOL. Back when I was using DD-WRT there was a way to do this by setting up a static ARP entry, but I never found a solution to this with RMerlin firmware. I guess maybe I need to research and see if there are any new methods available for waking up remote computers without having to access the routers WOL page directly.
Click to expand...
Here (post #11) you have all the info you need to fix lacking static ARP entry and WOL your devices:

https://www.snbforums.com/threads/w...an-a-computer-using-script.29365/#post-278076

Been using this method for months to wake my devices via magic packets, works flawlessly.

Cheers!
 
primitivo said:
I saw it but in my case only 1 WAN IP would be authorized for access. Is it still unsafe...?
Click to expand...

I don't know how tight that IP access control is, therefore I would not rely on it. Use a VPN.
 
You must log in or register to reply here.

Similar threads

A
Enable Web Access from WAN can't stay enabled
Replies
2
Views
691
Alipasijaner
A
T
Open ports on WAN for service running on the router
Replies
8
Views
728
ColinTaylor
C
K
The dreaded "HTTPS is a relatively more secured web access protocol. We strongly suggest to enter the ASUS router setting page via HTTPS protocol."
Replies
16
Views
3K
Diablo99
Diablo99
S
Troubleshooting Access Point Connectivity: WAN vs. LAN Port Issue
Replies
2
Views
207
Shasoosh
S
Wobbo
Configuring USB-Connected HDD for FTP Sharing via NordVPN Dedicated IP on AC86U
Replies
3
Views
1K
ColinTaylor
C
Similar threads
Thread starter Title Forum Replies Date
A Enable Web Access from WAN can't stay enabled Asuswrt-Merlin 2
Yota How to enable port randomization in Asuswrt-Merlin? Asuswrt-Merlin 4
M How to Enable Hardware Acceleration /RT-AX86U Pro Asuswrt-Merlin 3
M enable IPv4 over LAN Asuswrt-Merlin 11
delikid package to expand Parental Controls - Web & Apps Filters? Asuswrt-Merlin 4
L Is firmware reinstallation in recovery mode deeper than on the web interface? Asuswrt-Merlin 20
L Feature suggest: web notifications Asuswrt-Merlin 1
D Feature request: Two factor authentication web login. (TOTP) Asuswrt-Merlin 8
L dynamic cgnat ip is changing correctly with ddns custom script but shown ip in web interface never changes Asuswrt-Merlin 5
cyruz Reversing the web node reboot feature Asuswrt-Merlin 0

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 998 (members: 27, guests: 971)
Top