Any idea why my iPad appears to be trying to login to my router?

ProxyMoron

So i see these a few times a day in my system logs logs:-

nginx: 2019/08/26 10:44:32 [error] 13360#100439: *2687 open() "/usr/local/www/cgi-bin/authLogin.cgi" failed (2: No such file or directory), client: <IPAD LAN Addr>, server: , request: "GET /cgi-bin/authLogin.cgi? HTTP/1.1", host: <WAN IP Addr>"

Initially i thought i may have had a login open in Safari and it was refreshing every so often but that's not the case, at least with the one i had today.

I'm also seeing:-

nginx: 2019/08/27 15:26:12 [error] 13138#100384: *2694 open() "/usr/local/www/.well-known/dnt-policy.txt" failed (2: No such file or directory), client: <my desktop PC>, server: , request: "GET /.well-known/dnt-policy.txt HTTP/2.0", host: "<LAN Router Addr>"

After i login from my Desktop which also seems strange.

Anyone got any ideas what im seeing here? I'm running 2.4.4-RELEASE-p3.

Thanks

johnpoz

You would need to troubleshoot your client to why it would be trying to open up stuff that doesn't exist..

All nginx is doing is logging the requests.

Are you wanting to disable logging of such stuff?

If you don't want the dnt-policy logged when browsers look for that, you could setup a redirect for 404 or actually put the file there, etc.

edit:
I am not seeing any of the queries for dnt-policy in my log... But I did try to call up some nonsense, and see the log for that

nginx: 2019/08/27 10:58:53 [error] 77468#100157: *4490 open() "/usr/local/www/sjdljsldf" failed (2: No such file or directory), client: 192.168.9.100, server: , request: "GET /sjdljsldf HTTP/2.0", host: "sg4860.local.lan:8443" 

So are you asking to how to stop that stuff from being logged, or how to stop your client from asking for stuff that is not there?

kiokoman

authLogin.cgi

Apple (iOS devices) have a mechanism to automatically open a web browser when a direct connection to the internet is not possible. idk or you probably have some rules preventing the ipad to go out somewhere and it automatically try to open that web page where you are supposed to enter the credential to go online.

dnt-policy.txt

this is the "Do Not Track" option, this is a setting on safari
for example company can set policies and put that information inside dnt-policy.txt so safari can grab it

ProxyMoron

Hi folks,
Thanks for the info, I think this may be be being caused by the qfile IOS application that is used in combination with my QNAP NAS (the issue with the login not the do not track, I appreciate that's septate now).

However it's mighty strange as my NAS is obviously on a separate IP address and the qfile app knows that because I gave it the correct address of the NAS (and it works) so I can only assume it's mixing up the default gateway with the NAS IP as its trying to login to the router as well for some reason.

I dunno, all a bit strange, I need to investigate this a bit more.

Thanks

johnpoz

@ProxyMoron said in Any idea why my iPad appears to be trying to login to my router?:

NAS IP as its trying to login to the router as well for some reason.

No it prob does not have internet, and is trying to find a place to login (think captive portal) to get internet access.

ProxyMoron

But why would the QFILE app need internet access. This is all local, the NAS is on the same VLAN, there's no need for the app to request access or attempt to access the internet.

This isn't the NAS reaching out, it's the application on my iPad that's used as a file manager for the NAS.

johnpoz

Has nothing to do with your app or your nas - its the IPAD it on a network, and doesn't think it has internet it tries to call up where it can login to get access..

ProxyMoron

Ah well, there are a couple of reasons why in not sure that’s correct, firstly the log seemed to appear again when I opened that Qfile app, secondly if you search for /cgi-bin/authLogin.cgi it’s directly related to the QNAP, even though that is on a different IP address.

I guess I’ll know soon enough though, as if your correct I should still get these messages even though I have temporarily removed the Qfile app.

johnpoz

So its trying to go to your WAN IP? That could be the app, because your service or whatever it is running is presenting your WAN IP and not your local ip...

GET /cgi-bin/authLogin.cgi? HTTP/1.1", host: <WAN IP Addr>

ProxyMoron

Yeah,
That’s what it looks like now you point it out. The question now then is why an app on my iPad is trying to get to my wan IP address on my router in order to access my NAS (judging by the url it’s trying to access)?

Especially as it’s on the same VLAN as my NAS anyway and it knows the correct LAN IP of my NAS because I’ve told it the correct IP AND it works when I use the application as expected.

It’s like the app is reaching out to my public IP thinking It’s the NAS.

Very confusing.

johnpoz

Have no idea how that app works, but plex can do teh same sort of thing..

Get with the makers of the app on how it finds your device. If its trying to resolve something that is public, and it returns your public IP vs your rfc1918, it might because of rebinding protection. With plex you have to set a domain as private or you can run into some issues.

ProxyMoron

Good point, I run Plex and had to do that in the past, seems strange that a file application / browser requires it but I’ll ask over in their forums for more info.

Thanks for the guidance, really appreciate it.

kiokoman

or .. who know what bloatware they put inside their apps
maybe it want to send statistic data from your nas (full of porn) somewhere