HTTPS access to LuCI

Hello,
I was trying to set up a secure connection to the web interface and I got this link: https://openwrt.org/docs/guide-user/luci/luci.secure
Under "Securing against brute-force attacks", I copied and pasted the command line into the Firewall setting and custom and hit Save. Next thing I know, I couldn't log back in to LuCI anymore. I wasn't so sure where I would put that syntax. So sorry, I'm such a newbie.
How could I log back in to LuCI?
Any help would be greatly appreciated, please and thank you.

Log in to the router using SSH and restore the default settings:

uci -q delete uhttpd.main.listen_http
uci add_list uhttpd.main.listen_http="0.0.0.0:80"
uci add_list uhttpd.main.listen_http="[::]:80"
uci -q delete uhttpd.main.listen_https
uci add_list uhttpd.main.listen_https="0.0.0.0:443"
uci add_list uhttpd.main.listen_https="[::]:443"
uci commit uhttpd
/etc/init.d/uhttpd restart

Remove everything you have inserted in the custom firewall rules section.


Hi,
@pavelgl already answered how to remediate your issue, but here is some context on the guide you followed, apparently only partially:

The brute-force section you referenced is a sub-section of SSH tunneling for a reason. The settings under brute force will lock LuCI access down to your device only; nobody from the internal LAN can access LuCI after you apply them (as explained in the guide, to protect "from attackers already in the local network"), and access from the WAN side is prohibited by default, by the way.

In order to access LuCI with this setup you need SSH tunneling set up as well, as explained in the next section (setting up an SSH tunnel). This assumes you still have an SSH connection to your OpenWrt device from the LAN and are willing to configure the aforementioned tunnel according to the guide.

(But in my opinion, if you use HTTPS to access LuCI with a strong root password, and you are running your home environment, which is controlled by you, i.e. it is not a shared or open-to-the-public environment (for example an internet coffee shop), it is less likely that some hacker who is already in your internal network will be stopped by locking down LuCI's web server. My 2 cents only; it's your call after all.)

Good luck.

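A check for the lockout described in the two replies above, as an added example that is not part of either post or of the OpenWrt guide: it reads `uci show uhttpd` output and reports whether LuCI is reachable from the LAN or only through an SSH tunnel. The function name and both sample configurations are constructed; the loopback-only sample assumes the lockdown binds uhttpd to 127.0.0.1 and [::1].

```shell
#!/bin/sh
# Added example: classify uhttpd listeners from `uci show uhttpd` text on stdin.
# Prints one of:
#   loopback-only  every listener is bound to 127.x or [::1] (tunnel required)
#   lan-reachable  at least one listener is bound to a non-loopback address
#   no-listeners   no listen_http / listen_https option was found
luci_reachability() {
    # Keep only listen_http/listen_https lines, drop "key=", unquote, one per line.
    addrs=$(grep -E '^uhttpd\.[^.]+\.listen_https?=' \
        | sed -e 's/^[^=]*=//' \
        | tr -d "'\"" \
        | tr ' ' '\n' \
        | grep -v '^$' || true)
    [ -n "$addrs" ] || { echo "no-listeners"; return 0; }
    while IFS= read -r a; do
        case "$a" in
            127.*:*|'[::1]':*) ;;                    # loopback listener
            *) echo "lan-reachable"; return 0 ;;     # wildcard, LAN IP or bare port
        esac
    done <<EOF
$addrs
EOF
    echo "loopback-only"
}

# Constructed sample: the defaults restored by the commands earlier in the thread.
DEFAULT_CFG="uhttpd.main=uhttpd
uhttpd.main.listen_http='0.0.0.0:80' '[::]:80'
uhttpd.main.listen_https='0.0.0.0:443' '[::]:443'"

# Constructed sample: a loopback-only binding (assumed form of the lockdown).
LOCKED_CFG="uhttpd.main=uhttpd
uhttpd.main.listen_http='127.0.0.1:80' '[::1]:80'
uhttpd.main.listen_https='127.0.0.1:443' '[::1]:443'"

printf 'default: %s\n' "$(printf '%s\n' "$DEFAULT_CFG" | luci_reachability)"
printf 'locked:  %s\n' "$(printf '%s\n' "$LOCKED_CFG" | luci_reachability)"
```

On the router itself, `uci show uhttpd | luci_reachability` gives the same answer for the live configuration; running it before `/etc/init.d/uhttpd restart` shows whether a working SSH session or tunnel will be needed afterwards.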

Yes, I forgot about that. I panicked last night that I couldn't access the LuCI interface because of my ignorance. Yes, I was able to log back in through SSH! And I put in the new command line that you provided. After that, I was able to log back in to LuCI! Thank you so much for your help, sir! Much appreciated!

And to grrr2, I tried to SSH to the WAN with the dynamic IP I got, but it denied me for some reason. Anyway, thank you also for your help!
