Jump to content

Separate Pineappleui From Public Sites

Sebkinne

By Sebkinne
in WiFi Pineapple Mark IV

 Share

PineappleUI separation (please read first post)  

33 members have voted

  1. 1. Do you want the pineappleUI to be seperated from the public html? (Pineapple UI would run on a different port)

    • Yes
      33
    • No
      0

Recommended Posts

Sebkinne Grand Master

Sebkinne

Posted
Posted

Hey everyone,

I have seen threads asking about security or hardening of the pineapple more and more now. In my eyes, the first step to do this is to separate the public html and the pineappleUI from each other.

If you all take well to my proposition, I will break up the UI as follows:

/pineapple/ -> Pineapple UI. Accessed through http://172.16.42.1:PORT/

/www/ -> Public html. Accessed as normal through http://172.16.42.1/

If we break up the webserver as above, we can add mac address filtering / ip filtering to the UI access.

If you are in favour of the separation, please vote yes and post a suggestion for a port. Please don't all post 1337, that is probably the most obvious port and therefore not my favourite. I suggest 1471 as that is the old Jasager port.

If you are not in favour of the separation, vote no and state your reason in a reply to this thread.

Lastly, if this change does happen, all module developers need to adjust their modules to work with the new directory. I don't see a module downtime being a problem as we have the stable and development channel and this would be released to the development channel first.

I am looking forward to your feedback!

Best Regards,

Sebkinne

Link to comment
Share on other sites
Sebkinne Grand Master

Sebkinne

Posted
  • Author
Posted

How would this work accessing from an android? Could you still get to the UI page?

||

How about the Raspberry pi?

I'm just trying to figure out what the disadvantages are here.

In regards to access, any browser that supports different ports than 80. And to be honest, I haven't encountered a browser that doesn't support other ports using the :PORT notation.

It is really simple actually. Instead of going to http://172.16.42.1/pineapple you go to http://172.16.42.1:1471

TLDR: No disadvantages I can think of, just requires people to realize that the way of accessing the UI has changed. I can imagine there being a few questions about it on the forum: "Where has the pineapple UI gone?".

Best Regards,

Sebkinne

Link to comment
Share on other sites
loozr Newbie

loozr

Posted
Posted

Well, as far as i know of, I think the ui has been on port 1471 in previous versions of the pineapple, right? So, i guess there would be some knowledge about the possible disadvantages?

Although I don't feel the need for this, I really don't see what bad it could do. (other than for the module writers that is)

Link to comment
Share on other sites
Neworld Newbie

Neworld

Posted
Posted

Well, as far as i know of, I think the ui has been on port 1471 in previous versions of the pineapple, right? So, i guess there would be some knowledge about the possible disadvantages?

Although I don't feel the need for this, I really don't see what bad it could do. (other than for the module writers that is)

Oh... didn't think about the modules. You would have to redo all of them, would you not?

Link to comment
Share on other sites
Sebkinne Grand Master

Sebkinne

Posted
  • Author
Posted

Why not leave it like it is, but give a menu option to change the port to whatever the user would like?

Not sure how that would mess with modules. Symbolic links?

No, sadly that wouldn't work well. Modules will have to follow a certain pattern and it wouldn't be feasible to support both types.. :/

The UI will be separated within the next release or two. The default port will be 1471 but modifiable through the config menu.

Best Regards,

Sebkinne

Link to comment
Share on other sites
Sebkinne Grand Master

Sebkinne

Posted
  • Author
Posted

I like the idea of it being customizable via the config.

Only the port is customizable. Not the separation itself. But you meant that, right?

I agree that this is best to allow people to use their favourite ports.

The problem is that the modules have to change when you change the port from the config.

Nope, this is false.

Modules need to change for the separation itself. The changes are minor though.

Changing the port should not have an influence on the modules what-so-ever.

Best Regards,

Sebkinne

Link to comment
Share on other sites
Sebkinne Grand Master

Sebkinne

Posted
  • Author
Posted

Have you talked to Darren about this?? What's he suppose to do with all the extra manuals he has laying around? All the manuals say 172.16.42.1/pineapple....

The decision has been made. And yes, we do communicate about changes which may affect things, especially others work.

Add a slip of paper that says:

"The URL on page X has been changed to ..."

I couldn't have said it better myself.

Best Regards,

Sebkinne

Link to comment
Share on other sites
sickduck Newbie

sickduck

Posted
Posted

What about changing it to 172.16.42.1:1471/pineapple

If someone port scans it and sees 1471 then they might try to connect to that port and be greeted with a logon box. Having to add /pineapple would make it a little more difficult. Weak security through obscurity but any little helps....

...and on the other hand maybe /pineapple isn't a good idea either. It gives it away that it is a pineapple.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...