Hi @sycshk 

Thanks for posting in our business forum.

sycshk wrote

  @Clive_A  as requested

So which means your registered domain name on the provider's end is the same on the router, sync page, and domain name?

Hi @sycshk 

Thanks for posting in our business forum.

sycshk wrote

  @Clive_A they match for your infromation. Also, I followed the steps provided from previous post. Added DynDNS record and disable it. How everything works great. However, I schedueld it to reboot on a nightly basis. After the reboot, things gone very weird this morning by not allowing me to even get into the default IP and only allowing through domain name. So I went in and deleted DynDNS record and for some strange reason, everything now works like ER605.

I am not sure about your description. So are you saying that it is working flawlessly now? Nothing wrong with it since you tried the previous steps/suggestions?

Or you gotta manually adjust it to make it work okay after every reboot?

This determines if I follow your case up or not.

Hi @acireale 

Thanks for posting in our business forum.

acireale wrote

  @SakamotoBlog 

 

I have a similar problem with a new ER7206-V2 behind a Fritzbox:

WAN <-> Fritzbox with Port Forwarding <-> ER7206

No chance to administrate the ER7206 from WAN via the WEB, always: Referer check failed

When will there be a solution?

Downgrade to the 1.1.0 firmware if necessary. The referer check was not added to the firmware.

Due to the security requirement, we added this improvement to this firmware.

We may add a referer check option if you need it to be enabled or disabled. Or referer check allowlist.

Workaround now:

1. Downgrade to the previous one until an official release has been out. 1.1.0 build 20230609.

2. Or create a custom DDNS like this. http://[USERNAME]:[PASSWORD]@api.cp.easydns.com/dyn/tomato.php?hostname=[DOMAIN]&myip=[IP]

Our support  team said this is a workaround as well.

Hi @acireale 

Thanks for posting in our business forum.

acireale wrote

  @Clive_A 

 

It can't really be a good idea to downgrade the ER7206-v2 from firmware 2.1.2 Build 20240324 Rel. 46738 to a firmware 1.1.0 - and I can't find such a firmware 1.1.0 for ER7206-v2 for download either.

I only have a dynamic WAN address. It would by very helpful to have an option within the firmware(s) to deactivate the referrer check.

 

Note: I also have an ER605 v2.0 with firmware 2.1.2 Build 20230210 Rel.62992. Here, access via WAN works without any problems.

OK. I must have misread what model you have.

The reported "issue" now:

About the referer check, it is NOT a software bug but a security measure to increase the security.

Reason behind:

To increase the security, we add the referer check. It performs referer field validation in the standalone backend uhttpd: Referer validation will check if the referer field in the HTTP request is consistent with the destination IP address in the message. If they are not consistent, the validation will not pass. The error will display.

The situation now:

The referer check was added to the ER707-M2 in the very first place. For the official releases, it should be added in the following or recent updates. ER605 should be added with it as well. If this persists, please downgrade to the second to last official version.

You may start a new thread regarding this matter. I need to keep track of the case for better clarity. I also require a diagram of your network in the thread as you mentioned that you placed the ER7206 V2 behind a router/modem. Specify the WAN IP address as I need to know how you connect your networks. Partially mosaic your WAN IP if it is a public one.

There is no official fix to the ER707-M2 or any other models regarding this feature. As listed, there are two workarounds. It should be universally applied to other models if you need to downgrade, downgrade it to the second to last version.

The status on our side now:

About this error you experienced, we have several software-level solutions but it is still under internal discussion. Dev's working on it and expected to get a release in Aug. (This is not a definite schedule.)

We may offer the option to disable the referer check for certain users as they don't have the possibility to meet the mechanism explained above.