What's new

Enable Web Access from WAN via HTTP

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

bmn1

Senior Member
I Just updated my RT-AC87 from 380.69_2 to 384.4_0. I'm having issues connecting to my router from my phone. Obviously I see now that there is some new requirement to only allow access via wan using HTTPS. I know some people have super Top Secret data they are hiding on their devices and need the most absolute secure systems possible. But I'm fine with just using HTTP and prefer not to be bothered with using Lets Encrypt. This is the whole reason we "root", "Jailbreak", and use "Custom" firmware to allow us more options and to decide how we need our systems configured. I'm not sure why this is being forced upon users in the first place.

How can I DISABLE this behavior and allow connections via HTTP? If it can't be done then what version did this become a requirement so that I can downgrade back to the highest version that this wasn't required?

Thanks in advance
 
You don’t have to use Let’s Encrypt. Just auto generate the self signed certificate via the GUI and then add the exception to your browser the first time you connect. Never have to worry again!


Sent from my iPhone using Tapatalk
 
Excellent! I didn't realize there was a self-sign option. The option reads "Import/Persistent Auto-generated" so I assumed this was only an option to "Import a Certificate" rather than "Import" or "Auto Generate".

Thanks for that helpful info, much appreciated!
 
I Just updated my RT-AC87 from 380.69_2 to 384.4_0. I'm having issues connecting to my router from my phone. Obviously I see now that there is some new requirement to only allow access via wan using HTTPS. I know some people have super Top Secret data they are hiding on their devices and need the most absolute secure systems possible. But I'm fine with just using HTTP and prefer not to be bothered with using Lets Encrypt. This is the whole reason we "root", "Jailbreak", and use "Custom" firmware to allow us more options and to decide how we need our systems configured. I'm not sure why this is being forced upon users in the first place.

How can I DISABLE this behavior and allow connections via HTTP? If it can't be done then what version did this become a requirement so that I can downgrade back to the highest version that this wasn't required?

Thanks in advance
I am VERY surprised that a dozen or more folks have not jumped on you for even suggesting connection from the WAN. With http even worse!
In the last week my Asus router has logged 23 external attacks. Most are Netcore Backdoor Access Exploits. All have been blocked, I hope!
If you need to access your router from the internet, please use OpenVPN. Easy to set up on the router and your phone be it iOS or Android. If you insist on using the WAN access I sure hope you have off line images of your devices and recent backups.
 
I am VERY surprised that a dozen or more folks have not jumped on you for even suggesting connection from the WAN. With http even worse!
In the last week my Asus router has logged 23 external attacks. Most are Netcore Backdoor Access Exploits. All have been blocked, I hope!
If you need to access your router from the internet, please use OpenVPN. Easy to set up on the router and your phone be it iOS or Android. If you insist on using the WAN access I sure hope you have off line images of your devices and recent backups.

My need for accessing my router via WAN is so that I can wake up my Desktop when I'm not home via WOL. Back when I was using DD-WRT there was a way to do this by setting up a static ARP entry, but I never found a solution to this with RMerlin firmware. I guess maybe I need to research and see if there are any new methods available for waking up remote computers without having to access the routers WOL page directly.
 
I suggest you can start reflash and factory reset if you have already been leaving your router in Wan access for sometime... this is crazy...

Do you know how crazy the internet world is. Daily u see few hundreds of ip from all over the world probing for backdoor/vulnerabilities on your router and u just given them a chance to enter...

if compromised, good hacker would not even let you know they have already enter and took over your router and ability to access devices connected to it.
 
@bmn1 You should setup OpenVPN server on your router, and install OpenVPN in your personal phone/laptop to access you home network. Once connected, you will be able to access your router WebUI much more securely. In this case, you don't have to allow access to WAN, which I must say, is likely to be the main entrance for hackers to Asus routers, HTTPS or not. With most possible hacks that got reported in this forum, mine included, I found that WAN access was likely to be opened at the time of hacking.

As @DonnyJohnny says, you should reflash and factory reset your router before anything.
 
My need for accessing my router via WAN is so that I can wake up my Desktop when I'm not home via WOL. Back when I was using DD-WRT there was a way to do this by setting up a static ARP entry, but I never found a solution to this with RMerlin firmware. I guess maybe I need to research and see if there are any new methods available for waking up remote computers without having to access the routers WOL page directly.
Here (post #11) you have all the info you need to fix lacking static ARP entry and WOL your devices:

https://www.snbforums.com/threads/w...an-a-computer-using-script.29365/#post-278076

Been using this method for months to wake my devices via magic packets, works flawlessly.

Cheers!
 
I saw it but in my case only 1 WAN IP would be authorized for access. Is it still unsafe...?

I don't know how tight that IP access control is, therefore I would not rely on it. Use a VPN.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top