We sometimes need to access one or more of our routers from outside the office. Doing that from our website would be very handy. Our server runs Apache under Windows 2008 server. Since it serves a few domains, changes were made to the httpd-vhosts.conf file:
ProxyRequests Off
ProxyPreserveHost On
<Location "/router/">
ProxyPass http://192.168.1.40/
ProxyPassReverse http://192.168.1.40/
</Location>
When browsing to http://www.ourdomain.com/router/ the login page indeed appears but it lacks some images and the (image for) login button. After login a complete mess of "forbidden" appears.
It seems like the ProxyPreserveHost directive was completely ignored. Is something wrong with the above modification? Are we missunderstanding something? Could it be due to the fact that the router main page is build using javascript and something else needs to be configured? FYI after login to the router itself the URL doesn´t change (remains http://192.168.1.40)
The login page as it appears from outside:
The correct login page:
The router's main page after login from outside:
Best Answer
I think TP-Link Archer C2 checks the referer, too, and gives 403 if it doesn't match the internal IP of your router. That's a security measure for preventing web sites from loading content from the router.
Try to modify the header manually on your reverse proxy:
Please notice that your setup reveals the web configuration interface with its all possible security problems to the outside network, as the router firmware is typically not automatically upgraded. It's good that you already have TLS enabled on the connection, but you may also want to add some extra level of authentication before the router's own login page.