Restrict Web Control Panel et al to 192.168.7.2

Discussion in 'UDOO NEO' started by Lothar, Aug 8, 2016.

  1. Lothar

    Lothar New Member

    Joined:
    Aug 8, 2016
    Messages:
    13
    Likes Received:
    5
    Hi,

    I use a NEO Extended and have USB and WiFi connected. The Web Control Panel and - I assume - the port for uploading sketches is available via the WiFi-interface. I looked through the documentation but haven't found any description how to restrict it.
     
  2. waltervl

    waltervl UDOOer

    Joined:
    Dec 12, 2015
    Messages:
    2,314
    Likes Received:
    580
  3. waltervl

    waltervl UDOOer

    Joined:
    Dec 12, 2015
    Messages:
    2,314
    Likes Received:
    580
    Or you don't want to have anyone that has access to the webpage of the Neo to upload sketches?
     
  4. Lothar

    Lothar New Member

    Joined:
    Aug 8, 2016
    Messages:
    13
    Likes Received:
    5
    I don't want that users sharing the WiFi the NEO is connected to, to have access to any resources of the NEO that allow to do internal stuff like changing passwords of root and the normal user or uploading sketches. I need the WiFi-connection for the application I've got in mind, though, so deactivating WiFi isn't an option.

    Of course I could restrict access via iptables but if I can keep the server-processes from listening on that interface, I'd prefer that.
     
  5. waltervl

    waltervl UDOOer

    Joined:
    Dec 12, 2015
    Messages:
    2,314
    Likes Received:
    580
  6. Lothar

    Lothar New Member

    Joined:
    Aug 8, 2016
    Messages:
    13
    Likes Received:
    5
  7. waltervl

    waltervl UDOOer

    Joined:
    Dec 12, 2015
    Messages:
    2,314
    Likes Received:
    580
    I think via Listen settings in the http.conf file of the web server.

    All interfaces:
    Listen 80
    Specific IP only:
    Listen 192.168.7.0:80
     
    Last edited: Aug 11, 2016
  8. Lothar

    Lothar New Member

    Joined:
    Aug 8, 2016
    Messages:
    13
    Likes Received:
    5
    AFAIK the web control panel doesn't use Apache but Node.js, but I tried to find the configuration file:

    Code:
    udooer@udooneo:/$ sudo bash
    [sudo] password for udooer:
    root@udooneo:/# cd /
    root@udooneo:/# find -name http.conf
    root@udooneo:/# find -name httpd.conf
    root@udooneo:/#
    
    No such file. It seems that I really have to set up iptable-rules to keep people out of NEO's internals.
     
    waltervl likes this.
  9. waltervl

    waltervl UDOOer

    Joined:
    Dec 12, 2015
    Messages:
    2,314
    Likes Received:
    580
    You could change the node script in /opt/udoo-web-conf/bin/www
    line 62: server.listen(port);
    change in
    server.listen(port, '192.168.7.2');
    It will now only listen from clients coming from that IP (tested it myself)
     
    Andrea Rovai and ektor5 like this.

Share This Page