[Feature Request] Option for overriding presentationUrl in UPNP Device Service XML
30-07-2023, 17:16 (This post was last modified: 30-07-2023 20:57 by simoncn.)
Post: #18
RE: [Feature Request] Option for overriding presentationUrl in UPNP Device Service XML
I agree that this unfortunately doesn't work when running MinimServer in a Docker container, so a different approach is needed.

From post #3:
(17-07-2023 07:37)blindfish Wrote:  So my first attempt was to add a macvlan to the container so that SSDP would still work, but the web interface would only be accessible on the docker internal bridge network. For that I was looking for a setting to bind the webserver to a specific interface (the internal bridge only). That did not exist.
Although this is not possible at present, it would be possible to add this as an option. This would also restrict use of the web API and mscript to the same specific interface.

Implementing a similar restriction for MinimWatch configuration is more difficult. MinimServer uses the external ohNet package to implement the UPnP protocol for communication between MinimServer and UPnP clients (i.e., UPnP control points and MinimWatch). ohNet provides a setting to limit access to a single subnet but this would apply to all UPnP clients, so using this setting would block client access for UPnP browsing as well as for MinimWatch configuration.

Instead, MinimServer could reject all inbound requests from MinimWatch that don't originate from the permitted subnet. This should prevent configuration changes but it might cause MinimWatch to malfunction or behave in an unexpected way because MinimWatch will receive some inbound messages from MinimServer (automatically sent by ohNet) but it will receive an error result whenever it tries to send back an outbound message. I will need to do some experiments to confirm what would happen in this scenario.

If I can make this work with MinimWatch, would it meet your requirement?

Edit: Unfortunately, this doesn't quite work because binding the web server to a single subnet would also bind the resource server to the same subnet, which creates the same problem you have at present. An alternative would be for MinimServer to provide a configuration option to specify a single IP address (your reverse proxy) that is authorised to perform configuration actions. It would still be necessary to prevent unauthorised MinimWatch configuration actions and I don't know how this would work because these don't use HTTP and therefore can't be filtered by the reverse proxy.

I will give this some more thought.
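
The single-authorised-address idea from the edit above, sketched as an added example; it is not part of the original post and is not MinimServer code. It decides per request rather than per bind address, so resource traffic stays reachable while configuration is limited to one peer. The request classes, function names and sample addresses are assumptions constructed for illustration, and the check covers HTTP requests only, not MinimWatch's UPnP actions.

```python
import ipaddress

# Hypothetical request classes; MinimServer's real URL layout is not shown in the thread.
CONFIG = "config"      # web interface, web API, mscript
RESOURCE = "resource"  # resource server traffic for UPnP clients


def normalise(addr):
    """Parse a socket peer address, dropping any IPv6 zone id and unwrapping
    IPv4-mapped IPv6 (::ffff:a.b.c.d), as seen on dual-stack listeners."""
    ip = ipaddress.ip_address(addr.split("%", 1)[0])
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def is_allowed(kind, peer_addr, authorised_ip):
    """kind: CONFIG or RESOURCE (hypothetical classification).
    peer_addr: address of the accepted TCP socket, never X-Forwarded-For,
               which any client can set.
    authorised_ip: the single address allowed to configure (the reverse proxy)."""
    if kind == RESOURCE:
        return True                   # stays reachable from every subnet
    if kind != CONFIG:
        return False                  # unknown class: fail closed
    try:
        return normalise(peer_addr) == normalise(authorised_ip)
    except ValueError:
        return False                  # unparsable address: fail closed


# Constructed sample requests: (kind, TCP peer address)
SAMPLE = [
    (RESOURCE, "192.168.1.50"),       # renderer fetching media
    (CONFIG, "172.18.0.2"),           # reverse proxy on the Docker bridge
    (CONFIG, "::ffff:172.18.0.2"),    # same proxy seen through a dual-stack socket
    (CONFIG, "192.168.1.50"),         # LAN client bypassing the proxy
    (CONFIG, "not-an-ip"),            # malformed peer value
]


def decisions(authorised_ip="172.18.0.2"):
    return [is_allowed(kind, peer, authorised_ip) for kind, peer in SAMPLE]


if __name__ == "__main__":
    for (kind, peer), ok in zip(SAMPLE, decisions()):
        print(f"{kind:8} from {peer:20} -> {'allow' if ok else 'deny'}")
```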