Jump to content
View in the app

A better way to browse. Learn more.
Universal Devices Forum

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

How can I allow unauthenticated access from my local network?

dmazan
in ISY994

Featured Replies

Posted

I have a bunch of devices on my local network where I'd like to have open access to lighting control (and no administrative access).  How can I allow non-administrative access from my local network without having to sign on?

I have a bunch of devices on my local network where I'd like to have open access to lighting control (and no administrative access).  How can I allow non-administrative access from my local network without having to sign on?

There is no supported way to do this with just the ISY by itself.

 

Do you have any sort of a server on your local network, something like a Raspberry Pi or another Unix-like machine that is always on?   If so, you can make this work by running a listener on that machine that forwards lighting commands but blocks admin commands.

 

It's not trivial, but it is possible.

  • Author

Thanks for the ideas.  I currently have multiple locations with multiple Windows boxes running HomeSeer.  The idea with the ISY is to reduce complexity and the number of potential failure points.  Writing my own interface to replace one that I paid money for isn't in the cards.

 

Hopefully the ISY will become a fully usable production out of the box.

I didn't write my own interface.

 

You can expose the REST interface with Transparent ISY Proxy running on a RaspberryPi.

 

https://sites.google.com/site/isyajax/other-tools-php-code

That's basically what I did;   took a commercially available proxy and wrote about 5 lines of configuration settings to:

  1. Deny requests for admin
  2. Deny requests not coming from specific internal IPs
  3. Permit requests for the WebUI and certain REST commands (RunIf, RunThen, etc).
  4. Insert an authentication header with the ISY username,password.
  5. forward permitted requests to the ISY.

Took me about an hour to set up and test.

  • Author

I understand.  Something just strikes me as wrong about adding a piece of hardware and spending time configuring some software because a piece of commercial equipment is missing a pretty basic feature.  (Okay maybe it's not basic but Homeseer and several other HA products I've looked at as replacement do.)

 

The ISY is the most competent system I've worked with in terms of interfacing with the devices--much better than Homeseer.  I just wish it was better at interfacing with the humans.  I may try MisterHouse on that RasperryPi.

I've gotten used to it.  Might even say I've gotten so good at working around it that I've stopped taing notice.

 

The sentence "adding a piece of hardware and spending time configuring some software because a piece of commercial equipment is missing a pretty basic feature" describes a significant source of my income for the past two decades.   If you think it's annoying to spend a couple hundred bucks and find out the features you need are not only not implemented but aren't on the vendor's roadmap, imagine how corporate directors feel when that happens in relation to a six figure software package?

 

I'm not saying it's the way things should be, but it's a living.

Hi dmazan,

 

Thanks so very much for the feedback. I think we are a little paranoid when it comes to security and perhaps to a fault. In 5.0.x we have already added support for multi-user. I am going to checkout and see whether or not we can make one not require any passwords WITH BIG WARNINGS AND DISCLAIMERS!

 

With kind regards,

Michel

  • Author

That would be great.  Remember that access without a password would be restricted to source IP addresses on the local network(s) (preferred to be entered as a parameter list as there may be multiple local LAN subnets or remote LAN subnets via VPN, as opposed to allowing access based only on the Universal Device's LAN configuration). 

 

Although it is technically feasible to spoof a LAN IP, no self-respecting firewall is going to pass a packet on it's WAN port that claims to be from it's LAN port.  Granted, there might be a compromised inside host but (a) that's not on you and (B) nobody is doing that to to gain control of my lighting.

No one looking for profit will play with your ISY controlled devices, but there are those who do it for fun, not funds.

Guest
This topic is now closed to further replies.
Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.