wiki:WebIf

Version 35 (modified by alno, 10 years ago) (diff)

--

Webinterface

!!! Important !!! The Webinterface uses only simple authentication. This authentication is not secure enough for usage from outside of your LAN because the complete traffic including your user-id and password is sent in plain text. An Intruder could take over the whole management of your system. If you plan to use the webinterface via internet it is highly recommended to do it via a SSL secured reverse proxy like Apache. Everything else is very critical. If you redistribute binaries from this branch - please inform the recipient about that!

Information and discussion about the developement of Webinterface you find here: http://streamboard.gmc.to/wbb2/thread.php?goto=firstnew&threadid=26719

Features

Already implemented:

.) Edit User Config (Read & Write)
.) Edit Services (Read & Write)

Work in progress:

.) Edit Global Config (Read Ok, Write Ok, Update only after restart)
.) Edit Readers (Read Ok (not all parameters yet), Write NOk)

Checkout Streamboard OSCam trunk

svn co http://streamboard.gmc.to/svn/oscam/trunk <checkout-directory>

Please note: Always do a "make clean" before building the executable!

If you can´t build - here you can find binaries for many platforms: http://streamboard.gmc.to/wbb2/board.php?boardid=236

Parameters for Webinterface

Settings have to be done in the [webif] section of oscam.conf

httpport             - Port for Webinterface (mandatory)
httpuser             - Username (needed for password protection)
httppwd              - Password (needed for password protection)
httpcss              - Path of external CSS File (optional)
httptpl              - Path of external Templates (optional)
httprefresh          - Status refresh in seconds (optional)
httphideidleclients  - 0|1 enables hiding clients after idletime set in parameter hideclient_to (optional)
httpscript           - define a path to an executable script which you wish to start from Webinterface (optional)
httpallowed          - IP/IP-range(s) which is allowed connect the webinterface from. For syntax check oscam documentation

Template System

The Oscam webinterface allows you to create your own pages. To get the original tempates to start development request the non-linked page "savetemplates.html" Oscam will store this template files in the directory specified in "httptpl"

Using Apache to proxy requests to OSCam

The Apache module mod_proxy can be used to proxy requests from the Internet to an OSCam server. With this module it is possible to add additional security (SSL) to the OScam connection. For "howto set up Apache with SSL" please consult the Apache documentation.

ProxyRequests Off
      <Proxy *>
              Order deny,allow
              Allow from all
      </Proxy>
      ProxyPass /oscam/ http://localhost:8080/
      ProxyPassReverse /oscam/ http://localhost:8080/

OSCam Configuration Examples

If you are searching for tested Configuration Examples for various Platforms you can find them here:

http://www.streamboard.gmc.to/wbb2/thread.php?threadid=26659

Known limitations

.) Safari Browser (Macbook, Snow Tiger, Iphone) - No Login possible

This is a bug in Safari which does not correctly handle the "stale" flag at the first login (like it should according to RFC). The authentication uses a nonce to fight replay attacks. The nonce is always valid for a limited time (default: 15 seconds). However, this time does not count from when you begin to login but from unixtime 0 onwards. Thus in worst case you might only have a second to login. To get higher chances for login to work in Safari browsers (but with a little bit decreased security) just increase the following value as you like in the oscam-http.h before you build OSCam.

#define AUTHNONCEVALIDSECS 15

FAQ

Q: The webinterface do not work
A: Check whether you use a binary compiled from monitor-improvement branch. Trunk doesn't contain the webinterface as all other branches

Q: I have a binary compiled from monitor-improvement branch but the webinterface does not work.
A: Check whether you have set the "httpport" parameter to a free port in your LAN. Check the startup log for "HTTP Server listening on port <your port>"

Q: If I try to call the Webinterface with my Browser I get only a page "Error 403 - Forbidden"
A: You havn't defined an allowed IP/ IP Range wich is allowed to call the webinterface. Use the "httpallowed" Parameter

Reader Settings

Parameter Type mouse smartreader internal pcsc serial cs357x cs378x gbox cccam radegast newcamd525 newcamd524
.           camd35         newcamd  
device x     x x              
key                     x x
password               x        
premium               x        
account           x x   x   x x
pincode x x x x x              
readnano                        
services x x x x x x x x x x x x
inactivitytimeout                     x x
reconnecttimeout                        
disableserverfilter                        
label x x x x x x x x x x x x
fallback x x x x x x x x x x x x
logport           x x          
caid x x x x x x x x x x x x
boxid                        
aeskey                        
detect x x x x x              
protocol x x x x x x x x x x x x
n3_rsakey x     x                
tiger_rsakey x     x                
n3_boxkey                        
tiger_ideakey                        
detect x     x                
mhz x     x                
cardmhz x     x                
ident                        
class                        
chid                        
showcls                        
maxqlen                        
group x x x x x x x x x x x x
emmcache x x x x x              
blocknano x x x x x              
savenano x x x x x              
readnano x x x x x              
cccversion                 x      
cccbuild                 x      
cccmaxhop                 x      

Please help us to document new features here. Feel free to pick informations we give in the forum and write down here.

Thanks, A., A.