Comments (5)

dlmcpaul commented on June 20, 2024

> The HTTP always allowed paths are:
>
> "/info" for backwards compatibility to work out if this is a V7 token Gateway or not.

That is good. I am relying on being able to access /info for autoselecting/detecting v7.

from enphasecollector.

ChadDa3mon commented on June 20, 2024

I'm on one of the latest versions (D7.3.123) and port 80 is still open. I've verified I can pull down the info.xml file over http (doesn't require any authentication) so it makes sense for a good first step in determining how it proceeds.

dlmcpaul commented on June 20, 2024

That's good to know. I have a change for this but not yet ready to test with.

Interestingly your version is higher than any I have seen so far.

Matthew1471 commented on June 20, 2024

The latest is 7.3.130 for North America and 7.6.175 for Europe.
Source: https://www.cisa.gov/news-events/ics-advisories/icsa-23-171-01

I'm working with Enphase to get a new version to fix some further vulnerabilities I discovered, so there will be another version soon. Mine is going to be the guinea pig before they seek wider release.

RE: Port 80 vs 443, the gateway's NGINX instance will redirect all HTTP to HTTPS unless they come from the IQ gateway itself (localhost, as some of the internal APIs consume other APIs) or in the 2 specific exception blocks below:

The HTTP always allowed paths are:

  • "/info" for backwards compatibility to work out if this is a V7 token Gateway or not.
  • "/admin/lib/dba" for support tunnel.

And HTTP is also allowed for when the user is accessing these URLs in access point mode:

  • "/admin/lib/network_display"
  • and "/admin/lib/wireless_display"

This is different from which URLs require authentication or not, just which will get redirected to HTTPS. Port 80 will be open but only the above criteria will dictate whether anything can be served over it other than a redirect.

I'm in the process of documenting which auth levels are required for which endpoints - and these recently changed, i.e. /stream/meter now (7.0.88 -> 7.6.175+) requires "prov" (3) or above. Owner is a "2", Installers are "6".

Hope this helps,
Matthew

dlmcpaul commented on June 20, 2024

0.28 release has code to handle autoselection of 443 for the V7 firmware

from enphasecollector.
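
The autoselection discussed in this thread, sketched as an added example (not enphasecollector's code and not posted by anyone in the thread): it reads the body returned by the unauthenticated `/info` probe and picks the scheme and port for everything else. The XML element names, the constructed sample documents, the pre-V7 fallback to port 80 and the fail-closed default are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed /info bodies; the element layout is an assumption, not taken from the thread.
SAMPLE_INFO_V7 = b"""<?xml version='1.0' encoding='UTF-8'?>
<envoy_info>
  <device>
    <sn>000000000000</sn>
    <software>D7.3.123</software>
  </device>
</envoy_info>"""
SAMPLE_INFO_V5 = SAMPLE_INFO_V7.replace(b"D7.3.123", b"D5.0.62")

@dataclass(frozen=True)
class Endpoint:
    scheme: str
    port: int
    needs_token: bool

def firmware_major(info_xml: bytes) -> int:
    """Return the major firmware version from an /info body, or raise ValueError."""
    if len(info_xml) > 64 * 1024:  # the body came over plain HTTP: bound it before parsing
        raise ValueError("/info response too large")
    try:
        root = ET.fromstring(info_xml)
    except ET.ParseError as exc:
        raise ValueError("unparseable /info response") from exc
    software = root.findtext("./device/software", default="").strip()
    match = re.fullmatch(r"[A-Z]?(\d+)\.\d+\.\d+", software)  # e.g. D7.3.123 or 7.6.175
    if not match:
        raise ValueError(f"unrecognised software version: {software!r}")
    return int(match.group(1))

def select_endpoint(info_xml: bytes) -> Endpoint:
    """V7 and later: HTTPS on 443 with a token. Older firmware: HTTP on 80 (assumed)."""
    try:
        major = firmware_major(info_xml)
    except ValueError:
        # Fail closed: an unreadable answer to an unauthenticated probe must not
        # cause credentials to be sent over port 80.
        return Endpoint("https", 443, True)
    if major >= 7:
        return Endpoint("https", 443, True)
    return Endpoint("http", 80, False)
```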
