Protect /WEB/INDEX.HTM ?


oatflake

Hi! Just a secure paranoia question:

 

I noticed that the main /WEB/INDEX.HTM page is *not* http authenticated. The subsequent pages it calls are, but the base level page, if exposed to the internet, exposes that this port hosts the ISY-99i.

 

I would like to know if it's possible to configure the ISY-99i to make sure that even *this* main page (and ideally, even the redirect page in / that points to /WEB/INDEX.HTM) can be password protected to keep people who are snooping for these devices on the internet from attempting more attacks.

 

We don't know of any security exploits now, but I worry that someone may use this information to figure out that I have this device and then narrow their attacking methods.

Link to comment
Hello oatflake,

 

There are very many files in /WEB that should not be password protected, otherwise the Admin Console (and UPnP) will not find ISY on the network.

 

Perhaps we can make only INDEX.HTM password protected?

 

With kind regards,

Michel

 

Aha, I see - I presume the reason the Admin Console can't handle this is because it doesn't do http auth?

 

One other option I was considering was placing my ISY-99i behind my own SSL proxy like Pound, and setting up my own http authentication such as through haproxy - I actually tried this, but that explains why I couldn't get the Admin Console to work (the normal webpages worked fine).

 

I actually do have a suitable work-around right now; I simply block all access through my firewall and connect to my ISY-99i using an ssh tunnel. It's not ideal because it means I can only access it through a computer that has ssh set up, and I really like using my Android phone web browser to check in on things.

 

I guess for now protecting INDEX.HTM is probably the simplest thing. Does that require a firmware update, or is there a way I can tweak the settings myself?

Link to comment
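A check for the concern raised in this thread, as an added example that is not part of the original posts or the vendor's code: it requests each path without credentials and reports which ones answer without an HTTP auth challenge. `StubDevice` and `/WEB/PLACEHOLDER.HTM` are constructed stand-ins that model only the behaviour described in the first post; call `audit()` with your own device's address to check it.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

def probe(base_url, path, timeout=5):
    """GET one path with no credentials and classify what comes back."""
    u = urlsplit(base_url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.hostname, u.port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        if resp.status == 401 and resp.getheader("WWW-Authenticate"):
            return "auth-required"
        if resp.status in (301, 302, 303, 307, 308):
            return "redirect:" + (resp.getheader("Location") or "")  # not followed
        return "open" if 200 <= resp.status < 300 else "status:%d" % resp.status
    except (OSError, http.client.HTTPException) as exc:
        return "error:" + type(exc).__name__
    finally:
        conn.close()

def audit(base_url, paths):
    return {p: probe(base_url, p) for p in paths}

class StubDevice(BaseHTTPRequestHandler):
    """Constructed stand-in, not the real device: mimics only what the first post reports."""
    ROUTES = {"/": (302, ("Location", "/WEB/INDEX.HTM")),
              "/WEB/INDEX.HTM": (200, ("Content-Type", "text/html"))}
    def do_GET(self):
        status, hdr = self.ROUTES.get(self.path, (401, ("WWW-Authenticate", 'Basic realm="stub"')))
        self.send_response(status)
        self.send_header(*hdr)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args): pass  # keep the demo quiet

def demo():
    with HTTPServer(("127.0.0.1", 0), StubDevice) as srv:  # port 0: any free local port
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            paths = ["/", "/WEB/INDEX.HTM", "/WEB/PLACEHOLDER.HTM"]  # last path is made up
            return audit("http://127.0.0.1:%d" % srv.server_port, paths)
        finally:
            srv.shutdown()

if __name__ == "__main__":
    print(demo())
```

Any path reported as `open` or `redirect:` is reachable before login and can identify the device to anyone who can reach the port.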