Website Protection will not work witch wildcards, otherwise Script will not work. Topic is solved

[daPeda]

Hello together,

My Domoticz installation has the following problem:
I want to enable the web pages protection, so I need a password, provided that no IP address from the local network access.
Unfortunately, this does not work with the following scheme: 192.168.1. *. On the other hand, if I enter all the devices that are to access the local network via entry 192.168.1.10, 192.168.1.20, 192.168.1.22, 192.168.1.25 the disadvantage is that a shell script will not work. Error: http://192.168.1.174:8080/json.htm?type ... &svalue=73
<html> <head> <title> Unauthorized </ title> </ head> <body> <h1> 401 Unauthorized </ h1> </ body> </ html> EXEC
Script from this thread: https://easydomoticz.com/forum/viewtopi ... =17&t=8246
If I enter here 127.0.0.1, or 192.168.1.174 (Domoticz IP) nothing changes.

Therefore my questions:
which cause can have it that e.g. 192.168.1. * Does not work?
Can i call the login of http://192.168.1.174:8080/json.htm?type ... &svalue=73?
Domoticz is installed on Raspbian Buster on a Raspberry Pi 2.
Domotucz is version 4.10717

I would be glad, if I would get a hint here.
Oh yes, I'm actually from the Windows world, Linux and Co are not my favorite operating systems

Thank you in advance!

Best regards,
Peter

[waaren]

I want to enable the web pages protection, so I need a password, provided that no IP address from the local network access.
Unfortunately, this does not work with the following scheme: 192.168.1. *

There is a space before the * that should not be there. If it still does not work after removing the space you could try 127.0.*

[daPeda]

Hi waaren,

thanks for your support.

in Domoticz there´s no space in front of *, it´s simply a Typo in this Post. Sorry.
my current setting:
192.168.1.54;192.168.1.187;192.168.1.52;192.168.1.55;192.168.1.73;192.168.1.74;127.0.0.1

if i add 127.0.0.* or 127.0.* or 192.168.1.* or any other with * password protection is disabled.
i think i have to set fixed ip for devices to use Domoticz...

Peter

[waaren]

if i add 127.0.0.* or 127.0.* or 192.168.1.* or any other with * password protection is disabled.
i think i have to set fixed ip for devices to use Domoticz...

The whole idea of this field is to remove password protection for all sessions originated from these (wildcarded) IP's (which are on your local network)

[daPeda]

I can access Domoticz via NAT from external. But if I use wildcards, external addresses without password can also be accessed.
That's the point.

I entered 127.0.0. *; 192.168.1. * and no external password is required, for example from the smartphone.
If i use 192.168.1.54; 192.168.1.187; 192.168.1.52; 192.168.1.55; 192.168.1.73; 192.168.1.74; 127.0.0.1, it works fine.

[zicht]

Hi

This is due to including you router internall adress.
Domoticz will see your router as entry point on the lan. This is how the internal net work will see the connection due to NAT.
So indeed if you want to protect external you need to exclude the router. (I dont see any reason why the router should be in the pw free pool, but maybe that is situation specific. Normally you dont loopback true router on the lan)

Next you can setup some mechanisme to solve this.
1. Setup a reverse proxy that is connectable from the outside. Use a strong password on the proxy and leave domoticz without password.
2. For scripts with http://192.168.1.xxx:8080/json.htm?type ... &svalue=73 you can include passwords in the url, Just do not forget to hash them (MD5) see domoticz json url wiki for that. That solves all acces denied errors https://www.domoticz.com/wiki/Domoticz_ ... horization

or

3. Setup DHCP reseved adresses for the most common users(devices) of domoticz and set only these in the setting page : this way your guests need password but known devices don't
4. Use a differen VLan if supported. In my case the base IP will be the originating adress (192,168.0.1) and that is on a different subnet. (192.168.1.x)

I have it working this way and it fullfills all my needs. Hope it helps you too


Note : Allways be very carefull when connection domoticz to the internet. (Make sure you have the right protection in place)

[daPeda]

Ok, then I'm working with fixed IP addresses for the devices, that's easier, I think.

Thank you for your detailed information.

Peter