BUG: DDNS (changes proxy flag)

[oldhouse]

The Asustor DDNS service keeps changing the proxy flag on my DNS A Record for my domain to "false" every time a DDNS refresh is done ("proxied": false).
(I'm using cloudflare.com as my DDNS provider but it obviously will affect other DDNS providers as well)

This is a security issue because by changing the proxied flag to false, it is no longer possible to access the server over HTTPS.

How to replicate:
-Use a DDNS provider like cloudflare
-Set your DNS A record to Proxied (so you can access your Austor over a secure connection (HTTPS)
-Verify it works (by accessing your asustor by going to https://yourdomain.com:yourHttpPort
-On your Asustor: Go to Settings>Manual Connect>DDNS>Refresh (bottom of the page)
-Check your DNS A record from your DDNS provider again and you will see that your Asustor disabled the "proxied setting" (Changed the flag from "proxied": true to "proxied": false)
-Verify that you can no longer access your Austor server over HTTPS (by accessing your asustor by going to https://yourdomain.com:yourHttpPort

How to fix.
Option 1: The ASUSTOR DDNS should not change the proxied flag of the DDNS provider or set it to "true".
Option 2: Add a setting in ASUSTOR DDNS to set the proxy flag manually

[father.mande]

Hi,
This forum is a user forum with limited (very) participation of Asustor team.

The best for a bug, is to open a ticket to the support ...
https://member.asustor.com/login

Philippe.

[oldhouse]

Thanks, already did a few months ago, but it hasn't been fixed in the last update.... I hope they fix it soon as it is problematic because it switches your main url from https to http everytime the A record is automatically updated (DDNS every 30mins or whatever update interval you have chosen). In other words, you go from a secure connection to an unsecured connection without warning...

[snapshot]

I doubt much effort is going in to ADM 4.3 these days as 5.0 is probably the main interest. It probably won't be very long before it's generally released as a few of us have proved it works on several models across the x86 platform

[oldhouse]

Still not fixed. This is a potentially serious security issue. Whenever it updates the IP (DDNS), Asustor sets the "proxy flag" wrong and therefore turns of the cloudflare proxy setting (for the loudflare DNS A record). This reveals the ip address of your NAS to the world. Others have reported on this too... I found posts that are over 2 years old and it is still not fixed....

[oldhouse]

Here is a screenshot of the cloudflare audit log.
It shows the values submitted by ADM 5.0 over the cloudflare API as it updates the ip of the A record.
It contains a proxy flag value which turns the proxy setting in cloudflare off as you can see in the screenshot. ADM 5.0 should not change the proxy setting... this is obviously dangerous.