HTTP protocol security

Moderators: grovkillen, Stuntteam, TD-er

Post Reply
Message
Author
ili
New user
Posts: 5
Joined: 01 Dec 2021, 15:44

HTTP protocol security

#1 Post by ili » 01 Dec 2021, 15:54

Hello, sorry for newbie question, but I am the newbie. And I've failed to find the answer for obvious question: How can I secure HTTP command protocol

I do mean everybody can send

Code: Select all

http://<espeasyip>/control?cmd=<command>
and there are should be a possibility to use password to protect requests, but how? Maybe basic auth or some secure parameters...

User avatar
Ath
Normal user
Posts: 3416
Joined: 10 Jun 2018, 12:06
Location: NL

Re: HTTP protocol security

#2 Post by Ath » 01 Dec 2021, 16:00

Please do not use that old documentation, the current documentation can be found here: https://espeasy.readthedocs.io/en/latest/
/Ton (PayPal.me)

ili
New user
Posts: 5
Joined: 01 Dec 2021, 15:44

Re: HTTP protocol security

#3 Post by ili » 02 Dec 2021, 07:02

Ath wrote: 01 Dec 2021, 16:00 Please do not use that old documentation, the current documentation can be found here: https://espeasy.readthedocs.io/en/latest/
Thanks, but the same, i do see some examples, but can't find how to secure call to http://<espeasyip>/control?cmd=<command> :((

User avatar
Ath
Normal user
Posts: 3416
Joined: 10 Jun 2018, 12:06
Location: NL

Re: HTTP protocol security

#4 Post by Ath » 02 Dec 2021, 07:58

You can set an admin password on the unit, that will limit access to parts of the UI, but you can't lock it completely.
AFAIK, you can use basic authentication to get access to passworded sections, but I do not use that myself, currently, so I'm not up to speed on that part.

This is something that is planned for 'future improvement', but not completed.
/Ton (PayPal.me)

TD-er
Core team member
Posts: 8643
Joined: 01 Sep 2017, 22:13
Location: the Netherlands
Contact:

Re: HTTP protocol security

#5 Post by TD-er » 02 Dec 2021, 10:27

You can also add an IP-filter on the "Config" tab.

ili
New user
Posts: 5
Joined: 01 Dec 2021, 15:44

Re: HTTP protocol security

#6 Post by ili » 06 Dec 2021, 09:39

Ath wrote: 02 Dec 2021, 07:58 You can set an admin password on the unit, that will limit access to parts of the UI, but you can't lock it completely.
AFAIK, you can use basic authentication to get access to passworded sections, but I do not use that myself, currently, so I'm not up to speed on that part.

This is something that is planned for 'future improvement', but not completed.
I'v tried to set the password, but http://<espeasyip>/control?cmd=<command> works without auth... i'ts really the bit of pain... should i post or vote feature request on GitHub?...

ili
New user
Posts: 5
Joined: 01 Dec 2021, 15:44

Re: HTTP protocol security

#7 Post by ili » 06 Dec 2021, 09:40

TD-er wrote: 02 Dec 2021, 10:27 You can also add an IP-filter on the "Config" tab.
Yep, IP/MAC/etc filter is not my case :(

User avatar
Ath
Normal user
Posts: 3416
Joined: 10 Jun 2018, 12:06
Location: NL

Re: HTTP protocol security

#8 Post by Ath » 06 Dec 2021, 09:51

ili wrote: 06 Dec 2021, 09:39 should i post or vote feature request on GitHub?...
There is already a Github issue for that, over here
You could add a comment to push attention up a little.
/Ton (PayPal.me)

ili
New user
Posts: 5
Joined: 01 Dec 2021, 15:44

Re: HTTP protocol security

#9 Post by ili » 06 Dec 2021, 10:29

Ath wrote: 06 Dec 2021, 09:51 There is already a Github issue for that, over here
You could add a comment to push attention up a little.
Thanks, done! :)

Post Reply

Who is online

Users browsing this forum: Ahrefs [Bot] and 33 guests