
Security of z-way JSON-API

Posted: 08 Oct 2013 11:31
by janver
I can't seem to find any info about the security of the JSON-API.
Are there security features (user/password protection) implemented to the JSON-API? And how should I activate them.

Posted: 08 Oct 2013 11:31
by PoltoS
No, there are none. We suggest using solutions like nginx to do so. We expect your local environment to be safe and protected ;)

Re: Security of z-way JSON-API

Posted: 20 May 2014 20:57
by alexey.zimarev
A sample configuration for nginx for basic auth with .htpasswd and reverse proxy can be found here http://serverfault.com/questions/511846 ... erse-proxy

I just spent 10 minutes installing it and it works like a charm. The default port needs to be locked by iptables.

Re: Security of z-way JSON-API

Posted: 20 May 2014 21:03
by pofs
It is a bit pointless now, as find.z-wave.me offers a secure proxy to access your z-way from anywhere.

Re: Security of z-way JSON-API

Posted: 21 May 2014 12:17
by alexey.zimarev
I did it not to make a secure proxy but to protect the API from unauthorized access in a local environment, and this is what the topic starter asked about. The assumption that the local environment is "always safe and secure" is wrong. We use Vera controllers in rented apartments and have to protect them from being accessed by guests.

Re: Security of z-way JSON-API

Posted: 29 May 2014 04:22
by pfremm
Could you just resort to firewall rules if needed, assuming you can specify an IP range for the devices that should have access to the JSON API? I just use this at my house, so internal access is not a huge deal, but for external access I set up iOS profiles for on-demand VPN access with OpenVPN.

Re: Security of z-way JSON-API

Posted: 06 Jul 2014 14:09
by aivs
It works for me: redirect from 80 to 8083, login and password in /opt/z-way-server/.htpasswd.
/etc/nginx/nginx.conf:

user http;
worker_processes  1;
error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;
events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    keepalive_timeout  65;

    # Z-Way server
    server {
        listen       80;
        server_name  localhost;
        access_log  /var/log/nginx/z-way.access.log  main;
        error_log   /var/log/nginx/z-way.error.log;
        location / {
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://localhost:8083/;
            proxy_redirect off;

            # Password
            auth_basic "Restricted";
            auth_basic_user_file /opt/z-way-server/.htpasswd;

            # Don't forward auth to Z-Way
            proxy_set_header   Authorization "";
        }
    }
}