Accessing via a reverse proxy ignores passwords


pir8radio
Posted

OK, so either I have found a few bugs, or I'm doing it wrong. :-)

 

My server is accessed through a reverse proxy via IIS, so every remote access is considered "local" in MB3's eyes. I have to do it this way so I can keep only one port open on my firewall, 80. I have multiple domain names under that single port. I don't want to change this; it worked fine for older MB3.

 

1. Now all of my users can click any user and log in to any account, including the admin accounts, without the need for a password... I confirmed all of the users have "Allow local access without password" UNCHECKED, yet it's still acting as if it is checked.

 

2. Also, all of my users can play to my home DLNA devices... I don't need my friends playing music to my bathroom speakers at 1am. How do I make it so specific users cannot play to DLNA devices?

 

3. How do I shut off the ICON user page? I want the manual login as default.

 

A few others that I can't remember... I'll do another post after I work these out.

 

Thanks in advance to anyone who can help.

Beardyname
Posted

2. I believe is a work in progress.

 

3. Check the box that says "hide users from login page" (do this for every user); there is currently no option to disable that page altogether.

 

And for 1, I hope you have set passwords for the users :P

Posted

I suspect your reverse proxy is causing you issues.  The server will allow access to any user from 'localhost' and your setup is probably making it look like that's where everything is coming from.

 

This has actually been implemented this way for a while I'm pretty sure (the localhost access) because we need a way for people to be sure they can access their server if they forget their passwords.

pir8radio
Posted (edited)

OK, good info from both of you... I do have my reverse proxy set up to use "localhost". What if I used the LAN IP 10.0.1.XXX? How does MB3 determine whether or not I'm a local user? Also, I tried "HIDE USERS FROM LOGIN PAGE" and again, using the proxy assumes I want to show them all... so that check box doesn't do anything for accessing via localhost.

 

Also, couldn't that "localhost" feature be used as a hack by spoofing where the request is coming from, to gain access to admin accounts on an MB3 server?

Edited by pir8radio
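
The locality question raised in this thread, as an added example (not MB3's code and not written by any poster): a server behind a reverse proxy sees the proxy's address as the socket peer, so the local/remote decision has to use the forwarded client address, and only when the peer is a known proxy. The proxy addresses, the 10.0.1.0/24 LAN range and the function names are assumptions for illustration.

```python
import ipaddress

# Assumption: the reverse proxy runs on the same host and reaches the
# media server over loopback, as in the setup described in the thread.
TRUSTED_PROXIES = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")}

# Assumption: what counts as "local" (loopback plus a 10.0.1.0/24 LAN).
LOCAL_NETWORKS = [ipaddress.ip_network(n)
                  for n in ("127.0.0.0/8", "::1/128", "10.0.1.0/24")]


def effective_client_ip(peer_ip, forwarded_for=None):
    """Return the address to judge locality by, or None if it is unknown."""
    peer = ipaddress.ip_address(peer_ip)
    if peer not in TRUSTED_PROXIES:
        # Direct connection: X-Forwarded-For is client-controlled here,
        # so it is ignored and the socket peer is used.
        return peer
    if not forwarded_for:
        # Arrived from the proxy address with no header: origin unknown.
        return None
    # Each proxy appends the address it saw, so read right to left and
    # stop at the first hop that is not one of our own proxies.
    for hop in reversed(forwarded_for.split(",")):
        try:
            addr = ipaddress.ip_address(hop.strip())
        except ValueError:
            return None  # malformed entry: do not guess
        if addr not in TRUSTED_PROXIES:
            return addr
    return None  # the header listed only proxies


def is_local(peer_ip, forwarded_for=None):
    """True only when the real client is known and inside LOCAL_NETWORKS."""
    addr = effective_client_ip(peer_ip, forwarded_for)
    return addr is not None and any(addr in net for net in LOCAL_NETWORKS)


if __name__ == "__main__":
    # Constructed sample requests: (socket peer, X-Forwarded-For value).
    samples = [("127.0.0.1", "203.0.113.7"), ("127.0.0.1", "10.0.1.20"),
               ("203.0.113.7", "127.0.0.1"), ("127.0.0.1", None)]
    for peer, xff in samples:
        print(peer, xff, "->", "local" if is_local(peer, xff) else "remote")
```

A request that arrives from the proxy address without a usable header is treated as remote, so a password is still required whenever the origin cannot be established.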
