So, since i'm using mqtt with autentication i need to block any http commands, is it possible?
Because this is an huge security risk.
Many thanks.
How to disable HTTP commands?
Moderators: grovkillen, Stuntteam, TD-er
-
- New user
- Posts: 5
- Joined: 24 Oct 2016, 05:57
Re: How to disable HTTP commands?
What part is a security risk? the HTTP commands should be quite limited, the best you should be able to get from http is the status of a specific gpio.
Re: How to disable HTTP commands?
... and actuate a gpio pin to say a relay, on http, without password, .... So I also think it would be better if we are able to disable for instance actuation of gpio pins, and limit a hacker reading the json back about what Tasks are setup on the device.
-----------
IOTPLAY. Tinkerer, my projects are @ http://GitHub.com/IoTPlay, and blog https://iotplay.org. Using RPi, Node-Red, ESP8266 to prove Industry 4.0 concepts.
IOTPLAY. Tinkerer, my projects are @ http://GitHub.com/IoTPlay, and blog https://iotplay.org. Using RPi, Node-Red, ESP8266 to prove Industry 4.0 concepts.
-
- New user
- Posts: 2
- Joined: 09 Dec 2016, 19:47
Re: How to disable HTTP commands?
I have 2 arubas access Point, they have the possibility to create Access Rules, so what i've done is create a new SSID and permit only comunications from the pears to my Firewall to the NTP port and to my MQTT server and is port, every thing else is droped.
So, no one can access my pears from this SSID nor my internal network because it's beind an SOPHOS Firewall.
So, no one can access my pears from this SSID nor my internal network because it's beind an SOPHOS Firewall.
Who is online
Users browsing this forum: Bing [Bot] and 21 guests