Allowed/en: Unterschied zwischen den Versionen

Aus FHEMWiki
(First english version)
(kein Unterschied)

Version vom 14. März 2018, 12:17 Uhr


allowed
Zweck / Funktion
Securing the FHEM server components
Allgemein
Typ Hilfsmodul
Details
Dokumentation EN / DE
Support (Forum) Automatisierung
Modulname 96_allowed.pm
Ersteller rudolfkoenig / rudolfkoenig
Wichtig: sofern vorhanden, gilt im Zweifel immer die (englische) Beschreibung in der commandref!


allowed is a Helper module to secure and restrict access to the server services (FHEM web server and telnet) provided by fhem.pl.

Introduction

By default every device connected to the same network[1] the FHEM server is part of could connect and steer FHEM without encryption or need for user or password data. FHEM will therefore present a security warning. Defining an allowed device is one of the available options to set.

Most likely you want to make use of allowed to

  • allow access to FHEM coming out of other networks and/or
  • restrict the possibility to access FHEM (or at least get not full control over all of your devices and configuration) for members of the same network.

Syntax

To define an allowed device for one or more FHEMWEB or telnet-Interfaces use

    define <name> allowed <deviceList>

Additional Remarks

If you plan to make FHEM accessible not only from a local net, it is highly recommended to not just use allowed but to apply also additional security measures. Possible options could be the use of VPN technologies (Virtual Private Network) and/or the installation of a Reverse-Proxy-Server like Apache or nginx. For the web server interfaces provided with FHEMWEB it is also highly recommended to use the attribute HTTPS to activate HTTPS enchryption on communication. For telnet (being more or less also a TCP/IP Port) please use SSL als an attribute.

Examples

Introduce authentification with user and password for common FHEMWEB entity:

    define allowedWEB allowed
    attr allowedWEB validFor WEB,WEBphone,WEBtablet
    attr allowedWEB basicAuth { "$user:$password" eq "admin:secret" }
    attr allowedWEB allowedCommands set,get

Same for telnet:

    define allowedTelnet allowed
    attr allowedTelnet validFor telnetPort
    attr allowedTelnet password secret


  1. For example, if all of the devices connected to you home network use addresses from the range 192.168.178.x, a device using address 192.168.178.3 has access to FHEM, whereas 192.168.179.3 would be rejected