Page 1 of 1
HTTP protocol security
Posted: 01 Dec 2021, 15:54
by ili
Hello, sorry for newbie question, but I am the newbie. And I've failed to find the answer for obvious question: How can I secure
HTTP command protocol
I do mean everybody can send
Code: Select all
http://<espeasyip>/control?cmd=<command>
and there are should be a possibility to use password to protect requests, but how? Maybe basic auth or some secure parameters...
Re: HTTP protocol security
Posted: 01 Dec 2021, 16:00
by Ath
Please do not use that old documentation, the current documentation can be found here:
https://espeasy.readthedocs.io/en/latest/
Re: HTTP protocol security
Posted: 02 Dec 2021, 07:02
by ili
Thanks, but the same, i do see some examples, but can't find how to secure call to http://<espeasyip>/control?cmd=<command>
(
Re: HTTP protocol security
Posted: 02 Dec 2021, 07:58
by Ath
You can set an admin password on the unit, that will limit access to parts of the UI, but you can't lock it completely.
AFAIK, you can use basic authentication to get access to passworded sections, but I do not use that myself, currently, so I'm not up to speed on that part.
This is something that is planned for 'future improvement', but not completed.
Re: HTTP protocol security
Posted: 02 Dec 2021, 10:27
by TD-er
You can also add an IP-filter on the "Config" tab.
Re: HTTP protocol security
Posted: 06 Dec 2021, 09:39
by ili
Ath wrote: ↑02 Dec 2021, 07:58
You can set an admin password on the unit, that will limit access to parts of the UI, but you can't lock it completely.
AFAIK, you can use basic authentication to get access to passworded sections, but I do not use that myself, currently, so I'm not up to speed on that part.
This is something that is planned for 'future improvement', but not completed.
I'v tried to set the password, but http://<espeasyip>/control?cmd=<command> works without auth... i'ts really the bit of pain... should i post or vote feature request on GitHub?...
Re: HTTP protocol security
Posted: 06 Dec 2021, 09:40
by ili
TD-er wrote: ↑02 Dec 2021, 10:27
You can also add an IP-filter on the "Config" tab.
Yep, IP/MAC/etc filter is not my case
Re: HTTP protocol security
Posted: 06 Dec 2021, 09:51
by Ath
ili wrote: ↑06 Dec 2021, 09:39
should i post or vote feature request on GitHub?...
There is already a Github issue for that,
over here
You could add a comment to push attention up a little.
Re: HTTP protocol security
Posted: 06 Dec 2021, 10:29
by ili
Ath wrote: ↑06 Dec 2021, 09:51
There is already a Github issue for that,
over here
You could add a comment to push attention up a little.
Thanks, done!
