Disable Web GUI LuCI

jl4c · December 3, 2023, 3:39pm

Hi all,
I am trying to disable LuCI following the documentation (More secure configuration) but I get this error:

root@WDR3600:~# /etc/init.d/uhttpd disable
rm: can't remove '/etc/rc.d/S50uhttpd': I/O error

frollic · December 3, 2023, 3:55pm

Post df -kh output from ssh.

jl4c · December 3, 2023, 4:10pm

root@WDR3600:~# df -kh
Filesystem                Size      Used Available Use% Mounted on
/dev/root                 3.8M      3.8M         0 100% /rom
tmpfs                    59.6M   1000.0K     58.6M   2% /tmp
/dev/sda1                 3.6G    147.7M      3.5G   4% /overlay
overlayfs:/overlay        3.6G    147.7M      3.5G   4% /
tmpfs                   512.0K         0    512.0K   0% /dev
/dev/mtdblock4            2.1M    644.0K      1.4M  30% /rwm

frollic · December 3, 2023, 4:17pm

Try opkg remove uhttpd (or is it uninstall ?) instead, see what it says.

jl4c · December 3, 2023, 4:25pm

I don't really want to uninstall LuCI, but here is the output:

root@WDR3600:~# opkg remove uhttpd
No packages removed.
Collected errors:
 * print_dependents_warning: Package uhttpd is depended upon by packages:
 * print_dependents_warning:    luci-light
 * print_dependents_warning:    uhttpd-mod-ubus
 * print_dependents_warning: These might cease to work if package uhttpd is removed.

 * print_dependents_warning: Force removal of this package with --force-depends.
 * print_dependents_warning: Force removal of this package and its dependents
 * print_dependents_warning: with --force-removal-of-dependent-packages.

frollic · December 3, 2023, 4:26pm

Remove those too.

jl4c · December 3, 2023, 4:41pm

Thanks for the answer, but my intention is just to disable LuCI temporally.

flygarn12 · December 3, 2023, 4:49pm

Luci isn’t “one object” so it can’t be disabled just like that.

There are many ways to temporarily stop access to luci. One could be to commenting the listening lines to port 443 in uhttpd config file.

Another could be to block port 443 in the firewall from your lan, that would pobably depending on your settings come with a tail of other problems for dns and dhcp connections, but it is doable.

frollic · December 3, 2023, 4:52pm

You can just reinstall it, but as @flygarn12 says, alter the config, for instance, make it listen only to localhost.

jl4c · December 3, 2023, 5:00pm

Thanks, but the question is, why I get this error?.
I have another router (WRT1200AC) and I can disable the service uhttpd just fine on it.

frollic · December 3, 2023, 5:01pm

I/O error would probably be storage related.

jl4c · December 3, 2023, 5:04pm

I think so too, maybe the usb flash that I use for extroot. I will try with another device and report back.

oxwivi · December 3, 2023, 5:13pm

If it's a temporary measure, why not simply have the firewall block port 80?

frollic · December 3, 2023, 5:14pm

Would a rule with the src and dest in the same fw zone really work ?

oxwivi · December 3, 2023, 5:21pm

What do you mean? On LuCi for example, you'll be defining source zone to be Any zone (forward) or a particular zone, and the destination zone will be Device (input). And even if not using LuCi/UCI infrastructure, firewall can easily block any port you tell it to, so I don't understand your doubt.