web interface and permissions on ROS 3.x

Hello,

I have a problem with the web interface in RouterOS 3.

What I am trying to do is to have an unprivileged local user with read-only access to the web interface; to this end I created a “test” user in a new group with “web” and “read” as the only permissions (but I have the same problem if I use the default “read” group).

On 2.9.51 everything works as expected: I can log in as “test” and wander around at will, but I get an error whenever I try to change any setting.

On 3.11 when I enter the login data I get a redirect to http://rou.ter.ip.addr/cfg?page=qsetup&page_num=0, which gives a “connection refused” error (looking at the traffic, the router simply sends a TCP RST).

After poking around a little bit it turned out that the only way to solve this is by giving the user the “write” permission (which definitely looks like a bug).

I also tried with 3.0, 3.7 and 3.9: all fail in the same way.
Hardware is an RB333 with a completely clean config – I just assigned an IP to ether1 and created the user and group.

I did a search on the forums and it doesn’t seem this has come up before.

Greetings,
Andrea

Definitely a bug in 3.11.

I tried this on my own router (x86) and it gives the exact same error. I then tried it on a router running 3.10 and with read & web rights the test user can log in without a problem.

To further add to this, as I was trying to log my test user into the 3.11 router, it emailed me an autosupout.rif which I guess indicated it’s not a happy chappy.

Just tried downgrading to 3.10, same result (does not work).

I also got a supout.rif (on both 3.10 and 3.11) – guess I should contact support.

Thanks.

I really don’t encourage you to use the web interface now; it is much better to use winbox or ssh. We will work on a much improved web control page, as currently it is very limited.

Hi, Normis, and thanks for replying.

I don’t use the web interface for management and configuration, either, since it only allows basic operations and tends to mess up things all the time; to me it doesn’t really matter, since winbox works well for this purpose.

However, I find that allowing limited (read-only) web access to the customer in our CPE products is a good way to provide diagnostic and status information without exposing the user to the complexity of winbox or a command-line environment.

I am not asking for new functionality – I’d just like things to work as expected :)

BTW, we also did some tests on an RB411 (with 3.11): most of the time we saw the same behavior (connection reset), but in at least one case we got an error page (“insufficient permissions” or something like that); in this case doing a refresh in the browser resulted in a successful access, but the CPU load increased to 100% and stayed there until we turned the unit off.

Andrea

We will work on a new interface sometime later this year, as it will be easier than fixing this one :)