ER707-M2 v1.2.0 / 1.2.1 has not fixed the [Referer check failed] login interface bug problem.
Dear @Clive_A
Quote the original bug ↓
https://community.tp-link.com/en/business/forum/topic/624204?replyId=1274430
I used [Incognito Mode] throughout the whole process and still had the problem.
However, seeing the release of the 1.2.0 / 1.2.1 firmware update, there is still no fix. When will this issue be fixed?
Many Thanks
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@Clive_A they match for your infromation. Also, I followed the steps provided from previous post. Added DynDNS record and disable it. How everything works great. However, I schedueld it to reboot on a nightly basis. After the reboot, things gone very weird this morning by not allowing me to even get into the default IP and only allowing through domain name. So I went in and deleted DynDNS record and for some strange reason, everything now works like ER605.
- Copy Link
- Report Inappropriate Content
Hi @sycshk
Thanks for posting in our business forum.
sycshk wrote
@Clive_A they match for your infromation. Also, I followed the steps provided from previous post. Added DynDNS record and disable it. How everything works great. However, I schedueld it to reboot on a nightly basis. After the reboot, things gone very weird this morning by not allowing me to even get into the default IP and only allowing through domain name. So I went in and deleted DynDNS record and for some strange reason, everything now works like ER605.
I am not sure about your description. So are you saying that it is working flawlessly now? Nothing wrong with it since you tried the previous steps/suggestions?
Or you gotta manually adjust it to make it work okay after every reboot?
This determines if I follow your case up or not.
- Copy Link
- Report Inappropriate Content
"So are you saying that it is working flawlessly now?" Yes, it seems to work flawlessly now. However, I'm not exactly sure what I have done. Anything I can do to help?
"Nothing wrong with it since you tried the previous steps/suggestions?" Yes, everything seems to work fine now. Let's wait until tomorrow morning's schedule reboot to double confirm.
"Or you gotta manually adjust it to make it work okay after every reboot?" No, it seems not the case.
Steps I've done.
- Copy Link
- Report Inappropriate Content
What's the solution for [Referer check failed] for the ER707-M2?
I have the same problem with six new ER707-M2 devices running firmware ER707-M2(UN)_V1.6_1.2.0 Build 20231214.
All of the devices are running in stand alone mode and don't have a controller configured.
Each of the ER707-M2 devices has a static internet ip address on the WAN interface
They do NOT use DDNS.
My internet subnet is added to the list of address permitted for remote management.
I receive the [Referer check failed] when attempting to remotely manage any of the devices from a web browser using the static ip address of its WAN interface. This occurs with Chrome and Firefox.
Please advise.
- Copy Link
- Report Inappropriate Content
I have a similar problem with a new ER7206-V2 behind a Fritzbox:
WAN <-> Fritzbox with Port Forwarding <-> ER7206
No chance to administrate the ER7206 from WAN via the WEB, always: Referer check failed
When will there be a solution?
- Copy Link
- Report Inappropriate Content
Hi @acireale
Thanks for posting in our business forum.
acireale wrote
I have a similar problem with a new ER7206-V2 behind a Fritzbox:
WAN <-> Fritzbox with Port Forwarding <-> ER7206
No chance to administrate the ER7206 from WAN via the WEB, always: Referer check failed
When will there be a solution?
Downgrade to the 1.1.0 firmware if necessary. The referer check was not added to the firmware.
Due to the security requirement, we added this improvement to this firmware.
We may add a referer check option if you need it to be enabled or disabled. Or referer check allowlist.
Workaround now:
1. Downgrade to the previous one until an official release has been out. 1.1.0 build 20230609.
2. Or create a custom DDNS like this. http://[USERNAME]:[PASSWORD]@api.cp.easydns.com/dyn/tomato.php?hostname=[DOMAIN]&myip=[IP]
Our support team said this is a workaround as well.
- Copy Link
- Report Inappropriate Content
It can't really be a good idea to downgrade the ER7206-v2 from firmware 2.1.2 Build 20240324 Rel. 46738 to a firmware 1.1.0 - and I can't find such a firmware 1.1.0 for ER7206-v2 for download either.
I only have a dynamic WAN address. It would by very helpful to have an option within the firmware(s) to deactivate the referrer check.
Note: I also have an ER605 v2.0 with firmware 2.1.2 Build 20230210 Rel.62992. Here, access via WAN works without any problems.
- Copy Link
- Report Inappropriate Content
Hi @acireale
Thanks for posting in our business forum.
acireale wrote
It can't really be a good idea to downgrade the ER7206-v2 from firmware 2.1.2 Build 20240324 Rel. 46738 to a firmware 1.1.0 - and I can't find such a firmware 1.1.0 for ER7206-v2 for download either.
I only have a dynamic WAN address. It would by very helpful to have an option within the firmware(s) to deactivate the referrer check.
Note: I also have an ER605 v2.0 with firmware 2.1.2 Build 20230210 Rel.62992. Here, access via WAN works without any problems.
OK. I must have misread what model you have.
The reported "issue" now:
About the referer check, it is NOT a software bug but a security measure to increase the security.
Reason behind:
To increase the security, we add the referer check. It performs referer field validation in the standalone backend uhttpd: Referer validation will check if the referer field in the HTTP request is consistent with the destination IP address in the message. If they are not consistent, the validation will not pass. The error will display.
The situation now:
The referer check was added to the ER707-M2 in the very first place. For the official releases, it should be added in the following or recent updates. ER605 should be added with it as well. If this persists, please downgrade to the second to last official version.
You may start a new thread regarding this matter. I need to keep track of the case for better clarity. I also require a diagram of your network in the thread as you mentioned that you placed the ER7206 V2 behind a router/modem. Specify the WAN IP address as I need to know how you connect your networks. Partially mosaic your WAN IP if it is a public one.
There is no official fix to the ER707-M2 or any other models regarding this feature. As listed, there are two workarounds. It should be universally applied to other models if you need to downgrade, downgrade it to the second to last version.
The status on our side now:
About this error you experienced, we have several software-level solutions but it is still under internal discussion. Dev's working on it and expected to get a release in Aug. (This is not a definite schedule.)
We may offer the option to disable the referer check for certain users as they don't have the possibility to meet the mechanism explained above.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 3150
Replies: 29
Voters 0
No one has voted for it yet.