Comments (5)
The HTTP always allowed paths are:
"/info" for backwards compatibility to work out if this is a V7 token Gateway or not.
That is good. I am relying on being able to access /info for autoselecting/detecting v7.
from enphasecollector.
I'm on one of the latest versions (D7.3.123) and port 80 is still open. I've verified I can pull down the info.xml file over http (doesn't require any authentication) so it makes sense for a good first step in determining how it proceeds.
from enphasecollector.
That's good to know. I have a change for this but not yet ready to test with.
Interestingly your version is higher than any I have seen so far.
from enphasecollector.
The latest is 7.3.130 for North America and 7.6.175 for Europe.
Source: https://www.cisa.gov/news-events/ics-advisories/icsa-23-171-01
I'm working with Enphase to get a new version to fix some further vulnerabilities I discovered, so there will be another version soon. Mine is going to be the guinea pig before they seek wider release.
RE: Port 80 vs 443, the gateway's NGINX instance will redirect all http to https unless they come from the IQ gateway itself (localhost, as some of the internal APIs consume other APIs) or in the 2 specific exception blocks below:
The HTTP always allowed paths are:
- "/info" for backwards compatibility to work out if this is a V7 token Gateway or not.
- "/admin/lib/dba" for support tunnel.
And HTTP is also allowed for when the user is accessing these URLs in access point mode:
- "/admin/lib/network_display"
- and "/admin/lib/wireless_display"
This is different from which URLs require authentication or not, just which will get redirected to HTTPS. Port 80 will be open but only the above criteria will dictate whether anything can be served over it other than a redirect.
I'm in the process of documenting which auth levels are required for which endpoints - and these recently changed, i.e. /stream/meter now (7.0.88 -> 7.6.175+) requires "prov" (3) or above. Owner is a "2", Installers are "6".
Hope this helps,
Matthew
from enphasecollector.
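Added example, not part of the thread or the enphasecollector project: the port-80 rules described in the comment above, written as a small policy model plus an audit that flags recorded responses where something other than a redirect came back in cleartext. Prefix matching of the exception paths, the `Observation` record shape, the host name and the sample data are assumptions made for this example.

```python
from dataclasses import dataclass

# Exception lists as quoted in the comment above.
ALWAYS_HTTP = ("/info", "/admin/lib/dba")
AP_MODE_HTTP = ("/admin/lib/network_display", "/admin/lib/wireless_display")

def _matches(path, prefixes):
    # Assumption: prefix match, since /info.xml is reported as served over HTTP.
    return any(path.startswith(p) for p in prefixes)

def expected_on_port_80(path, from_localhost=False, ap_mode=False):
    """Return 'serve' or 'redirect' for a plain-HTTP request, per the described rules."""
    if from_localhost or _matches(path, ALWAYS_HTTP):
        return "serve"
    if ap_mode and _matches(path, AP_MODE_HTTP):
        return "serve"
    return "redirect"

@dataclass
class Observation:
    """One recorded port-80 response (hypothetical record shape)."""
    path: str
    status: int
    location: str = ""
    ap_mode: bool = False

def audit(observations):
    """Return findings where observed behaviour deviates from the described policy."""
    findings = []
    for o in observations:
        redirected = o.status in (301, 302, 307, 308) and o.location.startswith("https://")
        want = expected_on_port_80(o.path, ap_mode=o.ap_mode)
        if want == "redirect" and not redirected:
            findings.append((o.path, "served in cleartext, expected HTTPS redirect"))
        elif want == "serve" and redirected:
            findings.append((o.path, "redirected, expected to be served over HTTP"))
    return findings

# Constructed sample observations, not captured from a real gateway.
SAMPLE = [
    Observation("/info.xml", 200),
    Observation("/stream/meter", 301, "https://gateway.example/stream/meter"),
    Observation("/example/other", 200),
    Observation("/admin/lib/wireless_display", 200, ap_mode=True),
    Observation("/admin/lib/wireless_display", 200, ap_mode=False),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

This only covers which requests are redirected to HTTPS; which endpoints require authentication is a separate question, as the comment notes.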
0.28 release has code to handle autoselection of 443 for the V7 firmware
from enphasecollector.