Hello together,
My Domoticz installation has the following problem:
I want to enable the web pages protection, so I need a password, provided that no IP address from the local network access.
Unfortunately, this does not work with the following scheme: 192.168.1. *. On the other hand, if I enter all the devices that are to access the local network via entry 192.168.1.10, 192.168.1.20, 192.168.1.22, 192.168.1.25 the disadvantage is that a shell script will not work. Error: http://192.168.1.174:8080/json.htm?type ... &svalue=73
<html> <head> <title> Unauthorized </ title> </ head> <body> <h1> 401 Unauthorized </ h1> </ body> </ html> EXEC
Script from this thread: https://easydomoticz.com/forum/viewtopi ... =17&t=8246
If I enter here 127.0.0.1, or 192.168.1.174 (Domoticz IP) nothing changes.
Therefore my questions:
which cause can have it that e.g. 192.168.1. * Does not work?
Can i call the login of http://192.168.1.174:8080/json.htm?type ... &svalue=73?
Domoticz is installed on Raspbian Buster on a Raspberry Pi 2.
Domotucz is version 4.10717
I would be glad, if I would get a hint here.
Oh yes, I'm actually from the Windows world, Linux and Co are not my favorite operating systems
Thank you in advance!
Best regards,
Peter
Website Protection will not work witch wildcards, otherwise Script will not work. Topic is solved
Moderators: leecollings, remb0
- waaren
- Posts: 6028
- Joined: Tuesday 03 January 2017 14:18
- Target OS: Linux
- Domoticz version: Beta
- Location: Netherlands
- Contact:
Re: Website Protection will not work witch wildcards, otherwise Script will not work.
There is a space before the * that should not be there. If it still does not work after removing the space you could try 127.0.*
Debian buster, bullseye on RPI-4, Intel NUC.
dz Beta, Z-Wave, RFLink, RFXtrx433e, P1, Youless, Hue, Yeelight, Xiaomi, MQTT
==>> dzVents wiki
dz Beta, Z-Wave, RFLink, RFXtrx433e, P1, Youless, Hue, Yeelight, Xiaomi, MQTT
==>> dzVents wiki
-
- Posts: 7
- Joined: Thursday 15 August 2019 1:21
- Target OS: Linux
- Domoticz version: 2021.1
- Contact:
Re: Website Protection will not work witch wildcards, otherwise Script will not work.
Hi waaren,
thanks for your support.
in Domoticz there´s no space in front of *, it´s simply a Typo in this Post. Sorry.
my current setting:
192.168.1.54;192.168.1.187;192.168.1.52;192.168.1.55;192.168.1.73;192.168.1.74;127.0.0.1
if i add 127.0.0.* or 127.0.* or 192.168.1.* or any other with * password protection is disabled.
i think i have to set fixed ip for devices to use Domoticz...
Peter
thanks for your support.
in Domoticz there´s no space in front of *, it´s simply a Typo in this Post. Sorry.
my current setting:
192.168.1.54;192.168.1.187;192.168.1.52;192.168.1.55;192.168.1.73;192.168.1.74;127.0.0.1
if i add 127.0.0.* or 127.0.* or 192.168.1.* or any other with * password protection is disabled.
i think i have to set fixed ip for devices to use Domoticz...
Peter
- waaren
- Posts: 6028
- Joined: Tuesday 03 January 2017 14:18
- Target OS: Linux
- Domoticz version: Beta
- Location: Netherlands
- Contact:
Re: Website Protection will not work witch wildcards, otherwise Script will not work.
The whole idea of this field is to remove password protection for all sessions originated from these (wildcarded) IP's (which are on your local network)
Debian buster, bullseye on RPI-4, Intel NUC.
dz Beta, Z-Wave, RFLink, RFXtrx433e, P1, Youless, Hue, Yeelight, Xiaomi, MQTT
==>> dzVents wiki
dz Beta, Z-Wave, RFLink, RFXtrx433e, P1, Youless, Hue, Yeelight, Xiaomi, MQTT
==>> dzVents wiki
-
- Posts: 7
- Joined: Thursday 15 August 2019 1:21
- Target OS: Linux
- Domoticz version: 2021.1
- Contact:
Re: Website Protection will not work witch wildcards, otherwise Script will not work.
I can access Domoticz via NAT from external. But if I use wildcards, external addresses without password can also be accessed.
That's the point.
I entered 127.0.0. *; 192.168.1. * and no external password is required, for example from the smartphone.
If i use 192.168.1.54; 192.168.1.187; 192.168.1.52; 192.168.1.55; 192.168.1.73; 192.168.1.74; 127.0.0.1, it works fine.
That's the point.
I entered 127.0.0. *; 192.168.1. * and no external password is required, for example from the smartphone.
If i use 192.168.1.54; 192.168.1.187; 192.168.1.52; 192.168.1.55; 192.168.1.73; 192.168.1.74; 127.0.0.1, it works fine.
-
- Posts: 251
- Joined: Sunday 11 May 2014 11:09
- Target OS: Windows
- Domoticz version: 2023.1+
- Location: NL
- Contact:
Re: Website Protection will not work witch wildcards, otherwise Script will not work.
Hi
This is due to including you router internall adress.
Domoticz will see your router as entry point on the lan. This is how the internal net work will see the connection due to NAT.
So indeed if you want to protect external you need to exclude the router. (I dont see any reason why the router should be in the pw free pool, but maybe that is situation specific. Normally you dont loopback true router on the lan)
Next you can setup some mechanisme to solve this.
1. Setup a reverse proxy that is connectable from the outside. Use a strong password on the proxy and leave domoticz without password.
2. For scripts with http://192.168.1.xxx:8080/json.htm?type ... &svalue=73 you can include passwords in the url, Just do not forget to hash them (MD5) see domoticz json url wiki for that. That solves all acces denied errors https://www.domoticz.com/wiki/Domoticz_ ... horization
or
3. Setup DHCP reseved adresses for the most common users(devices) of domoticz and set only these in the setting page : this way your guests need password but known devices don't
4. Use a differen VLan if supported. In my case the base IP will be the originating adress (192,168.0.1) and that is on a different subnet. (192.168.1.x)
I have it working this way and it fullfills all my needs. Hope it helps you too
Note : Allways be very carefull when connection domoticz to the internet. (Make sure you have the right protection in place)
This is due to including you router internall adress.
Domoticz will see your router as entry point on the lan. This is how the internal net work will see the connection due to NAT.
So indeed if you want to protect external you need to exclude the router. (I dont see any reason why the router should be in the pw free pool, but maybe that is situation specific. Normally you dont loopback true router on the lan)
Next you can setup some mechanisme to solve this.
1. Setup a reverse proxy that is connectable from the outside. Use a strong password on the proxy and leave domoticz without password.
2. For scripts with http://192.168.1.xxx:8080/json.htm?type ... &svalue=73 you can include passwords in the url, Just do not forget to hash them (MD5) see domoticz json url wiki for that. That solves all acces denied errors https://www.domoticz.com/wiki/Domoticz_ ... horization
or
3. Setup DHCP reseved adresses for the most common users(devices) of domoticz and set only these in the setting page : this way your guests need password but known devices don't
4. Use a differen VLan if supported. In my case the base IP will be the originating adress (192,168.0.1) and that is on a different subnet. (192.168.1.x)
I have it working this way and it fullfills all my needs. Hope it helps you too
Note : Allways be very carefull when connection domoticz to the internet. (Make sure you have the right protection in place)
Rpi & Win x64. Using : cam's,RFXCom, LaCrosse, RFY, HuE, google, standard Lua, Tasker, Waze traveltime, NLAlert&grip2+,curtains, vacuum, audioreceiver, smart-heating&cooling + many more (= automate all repetitive simple tasks)
-
- Posts: 7
- Joined: Thursday 15 August 2019 1:21
- Target OS: Linux
- Domoticz version: 2021.1
- Contact:
Re: Website Protection will not work witch wildcards, otherwise Script will not work.
Ok, then I'm working with fixed IP addresses for the devices, that's easier, I think.
Thank you for your detailed information.
Peter
Thank you for your detailed information.
Peter
Who is online
Users browsing this forum: No registered users and 0 guests