Hi everyone,
I will need some help to understand why https://qnapname.myqnapcloud.com request is being redirected to router login page login.php instead of going to QNAP WEB admin login page.
I could see QNAP login page for a second before redirection happens.
When I specify port number like
https://qnapname.myqnapcloud.com:2000 it works
Is the purpose of Reverse Proxy to handle connection and hide non standard port not being displayed on address bar?
1. Router Arris
2. Qnap TS251+ Firmware 5.0.0.1891
3. Web Server is disabled
4. Let's Encrypt Certificate installed
On Control Panel -> Network & File Services - Reverse Proxy Rule is enabled
Source: https://qnapname.myqnapcloud.com:443 Destination: https://qnapIP:2000
On Control Panel -> System -> System Administration port number for https is set to 2000
Router port forwarding has been set up.
When I leave port number as 443 On Control Panel -> System -> System Administration, forwarded on the router and not using Reverse Proxy everything works as expected.
I can get https://qnapname.myqnapcloud.com and get to QNAP WEB admin page.
But there is another issue is security. I am getting constant try to login as admin from different IP addresses. Yes, admin account is disabled.
Still want to get Reverse Proxy working.
I am not sure what I am missing.
Any help is greatly appreciated.
Web Request Issue to Web Admin utilizing Reverse Proxy
-
- New here
- Posts: 9
- Joined: Thu Nov 08, 2018 12:34 am
- dolbyman
- Guru
- Posts: 35251
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Web Request Issue to Web Admin utilizing Reverse Proxy
Before you get yourself hacked (check deadb0lt and Qlocker threads) , remove all port forwards and disable UPNP.
Then don't even bother with a reverse proxy (purpose is to translate/abstract all web requests through there to not expose exploits in your QNAP webserver directly) and go with a VPN (costs no subscription) running on your router or a dedicated device like a raspi
Disabling admin account or 2FA is smoke and mirrors and has not helped users that got ransomwared via exploits
Then don't even bother with a reverse proxy (purpose is to translate/abstract all web requests through there to not expose exploits in your QNAP webserver directly) and go with a VPN (costs no subscription) running on your router or a dedicated device like a raspi
Disabling admin account or 2FA is smoke and mirrors and has not helped users that got ransomwared via exploits
-
- Experience counts
- Posts: 2043
- Joined: Thu Mar 03, 2016 1:11 am
Re: Web Request Issue to Web Admin utilizing Reverse Proxy
And 5.0.0.1891 is afaik not the latest firmware for this NAS. QNAP recommends in latest security advise to update to 5.0.0.2055.
https://www.qnap.com/en/security-advisory/QSA-22-19
Regards
https://www.qnap.com/en/security-advisory/QSA-22-19
Regards
A raid is never a substitute for backup! Never!
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
-
- New here
- Posts: 9
- Joined: Thu Nov 08, 2018 12:34 am
Re: Web Request Issue to Web Admin utilizing Reverse Proxy
Basically if I need an access to my QNAP outside of my LAN, I connect through VPN and than access QNAP through LAN IP address.dolbyman wrote: ↑Wed Jun 22, 2022 3:10 am Before you get yourself hacked (check deadb0lt and Qlocker threads) , remove all port forwards and disable UPNP.
Then don't even bother with a reverse proxy (purpose is to translate/abstract all web requests through there to not expose exploits in your QNAP webserver directly) and go with a VPN (costs no subscription) running on your router or a dedicated device like a raspi
Disabling admin account or 2FA is smoke and mirrors and has not helped users that got ransomwared via exploits
Is it right approach?
Thank you.
- dolbyman
- Guru
- Posts: 35251
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Web Request Issue to Web Admin utilizing Reverse Proxy
That is corret
-
- New here
- Posts: 9
- Joined: Thu Nov 08, 2018 12:34 am
-
- New here
- Posts: 9
- Joined: Thu Nov 08, 2018 12:34 am
- dolbyman
- Guru
- Posts: 35251
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Web Request Issue to Web Admin utilizing Reverse Proxy
No, don't make your NAS an edge device, QVPN had security issues and should not be exposed to WAN
https://www.qnap.com/en/security-advisory/qsa-21-61
https://www.qnap.com/en/security-advisory/qsa-21-61