Website Protection will not work witch wildcards, otherwise Script will not work. Topic is solved

Topics (not sure which fora)
when not sure where to post, post here and mods will move it to right forum.

Moderators: leecollings, remb0

Post Reply
daPeda
Posts: 7
Joined: Thursday 15 August 2019 1:21
Target OS: Linux
Domoticz version: 2021.1
Contact:

Website Protection will not work witch wildcards, otherwise Script will not work.

Post by daPeda »

Hello together,

My Domoticz installation has the following problem:
I want to enable the web pages protection, so I need a password, provided that no IP address from the local network access.
Unfortunately, this does not work with the following scheme: 192.168.1. *. On the other hand, if I enter all the devices that are to access the local network via entry 192.168.1.10, 192.168.1.20, 192.168.1.22, 192.168.1.25 the disadvantage is that a shell script will not work. Error: http://192.168.1.174:8080/json.htm?type ... &svalue=73
<html> <head> <title> Unauthorized </ title> </ head> <body> <h1> 401 Unauthorized </ h1> </ body> </ html> EXEC
Script from this thread: https://easydomoticz.com/forum/viewtopi ... =17&t=8246
If I enter here 127.0.0.1, or 192.168.1.174 (Domoticz IP) nothing changes.

Therefore my questions:
which cause can have it that e.g. 192.168.1. * Does not work?
Can i call the login of http://192.168.1.174:8080/json.htm?type ... &svalue=73?
Domoticz is installed on Raspbian Buster on a Raspberry Pi 2.
Domotucz is version 4.10717

I would be glad, if I would get a hint here.
Oh yes, I'm actually from the Windows world, Linux and Co are not my favorite operating systems ;-)

Thank you in advance!

Best regards,
Peter
User avatar
waaren
Posts: 6028
Joined: Tuesday 03 January 2017 14:18
Target OS: Linux
Domoticz version: Beta
Location: Netherlands
Contact:

Re: Website Protection will not work witch wildcards, otherwise Script will not work.

Post by waaren »

daPeda wrote: Wednesday 28 August 2019 23:07 I want to enable the web pages protection, so I need a password, provided that no IP address from the local network access.
Unfortunately, this does not work with the following scheme: 192.168.1. *
There is a space before the * that should not be there. If it still does not work after removing the space you could try 127.0.*
Debian buster, bullseye on RPI-4, Intel NUC.
dz Beta, Z-Wave, RFLink, RFXtrx433e, P1, Youless, Hue, Yeelight, Xiaomi, MQTT
==>> dzVents wiki
daPeda
Posts: 7
Joined: Thursday 15 August 2019 1:21
Target OS: Linux
Domoticz version: 2021.1
Contact:

Re: Website Protection will not work witch wildcards, otherwise Script will not work.

Post by daPeda »

Hi waaren,

thanks for your support.

in Domoticz there´s no space in front of *, it´s simply a Typo in this Post. Sorry.
my current setting:
192.168.1.54;192.168.1.187;192.168.1.52;192.168.1.55;192.168.1.73;192.168.1.74;127.0.0.1

if i add 127.0.0.* or 127.0.* or 192.168.1.* or any other with * password protection is disabled.
i think i have to set fixed ip for devices to use Domoticz...

Peter
User avatar
waaren
Posts: 6028
Joined: Tuesday 03 January 2017 14:18
Target OS: Linux
Domoticz version: Beta
Location: Netherlands
Contact:

Re: Website Protection will not work witch wildcards, otherwise Script will not work.

Post by waaren »

daPeda wrote: Wednesday 28 August 2019 23:49 if i add 127.0.0.* or 127.0.* or 192.168.1.* or any other with * password protection is disabled.
i think i have to set fixed ip for devices to use Domoticz...
The whole idea of this field is to remove password protection for all sessions originated from these (wildcarded) IP's (which are on your local network)
Debian buster, bullseye on RPI-4, Intel NUC.
dz Beta, Z-Wave, RFLink, RFXtrx433e, P1, Youless, Hue, Yeelight, Xiaomi, MQTT
==>> dzVents wiki
daPeda
Posts: 7
Joined: Thursday 15 August 2019 1:21
Target OS: Linux
Domoticz version: 2021.1
Contact:

Re: Website Protection will not work witch wildcards, otherwise Script will not work.

Post by daPeda »

I can access Domoticz via NAT from external. But if I use wildcards, external addresses without password can also be accessed.
That's the point.

I entered 127.0.0. *; 192.168.1. * and no external password is required, for example from the smartphone.
If i use 192.168.1.54; 192.168.1.187; 192.168.1.52; 192.168.1.55; 192.168.1.73; 192.168.1.74; 127.0.0.1, it works fine.
zicht
Posts: 251
Joined: Sunday 11 May 2014 11:09
Target OS: Windows
Domoticz version: 2023.1+
Location: NL
Contact:

Re: Website Protection will not work witch wildcards, otherwise Script will not work.

Post by zicht »

Hi

This is due to including you router internall adress.
Domoticz will see your router as entry point on the lan. This is how the internal net work will see the connection due to NAT.
So indeed if you want to protect external you need to exclude the router. (I dont see any reason why the router should be in the pw free pool, but maybe that is situation specific. Normally you dont loopback true router on the lan)

Next you can setup some mechanisme to solve this.
1. Setup a reverse proxy that is connectable from the outside. Use a strong password on the proxy and leave domoticz without password.
2. For scripts with http://192.168.1.xxx:8080/json.htm?type ... &svalue=73 you can include passwords in the url, Just do not forget to hash them (MD5) see domoticz json url wiki for that. That solves all acces denied errors https://www.domoticz.com/wiki/Domoticz_ ... horization

or

3. Setup DHCP reseved adresses for the most common users(devices) of domoticz and set only these in the setting page : this way your guests need password but known devices don't
4. Use a differen VLan if supported. In my case the base IP will be the originating adress (192,168.0.1) and that is on a different subnet. (192.168.1.x)

I have it working this way and it fullfills all my needs. Hope it helps you too


Note : Allways be very carefull when connection domoticz to the internet. (Make sure you have the right protection in place)
Rpi & Win x64. Using : cam's,RFXCom, LaCrosse, RFY, HuE, google, standard Lua, Tasker, Waze traveltime, NLAlert&grip2+,curtains, vacuum, audioreceiver, smart-heating&cooling + many more (= automate all repetitive simple tasks)
daPeda
Posts: 7
Joined: Thursday 15 August 2019 1:21
Target OS: Linux
Domoticz version: 2021.1
Contact:

Re: Website Protection will not work witch wildcards, otherwise Script will not work.

Post by daPeda »

Ok, then I'm working with fixed IP addresses for the devices, that's easier, I think.

Thank you for your detailed information.

Peter
Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests