miniupnp.tuxfamily.org Forum Index miniupnp.tuxfamily.org
The forum about miniupnp and libnatpmp
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

enable_https and randomize_urls

 
Post new topic   Reply to topic    miniupnp.tuxfamily.org Forum Index -> miniupnpd Compilation/Installation
View previous topic :: View next topic  
Author Message
azdps



Joined: 16 May 2019
Posts: 1

PostPosted: Thu May 16, 2019 4:58 am    Post subject: enable_https and randomize_urls Reply with quote

Hello miniupnp,

I'm interested in the enable_https and randomize_urls settings. I happen to have stumble upon them while reading commits and such.

You implemented randomize_urls as a request and then disabled it by default. Why not have this build option available as a miniupnpd.conf option and have it enabled by default? I see that genconfig.sh is where I can enable both.

Can you provide a little more details about this 2 settings please. Are they not widely used build options? After looking through source code etc I don't really think I have a clear grasp of enable_https. randomize_urls appears to be straight forward. Unfortunately I haven't had the time to test either.

I appreciate the work you've put into the miniupnp project. It's allowed me to run multiple gaming consoles at home without any issues.

I'm currently using OPNsense which is obviously based on FreeBSD. Just FYI.

Thanks for any insight,
azdps


Last edited by azdps on Fri May 17, 2019 2:27 am; edited 1 time in total
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1474

PostPosted: Tue May 21, 2019 9:24 am    Post subject: Reply with quote

I'm afraid most UPNP clients ("control points") do not support HTTPS, that's why it is disabled by default in miniupnpd.

also the randomize URL feature was initially implemented to prevent https://github.com/filetofirewall/fof attack.
But in fact https://github.com/miniupnp/miniupnp/commit/98cc73a372d61988b252794340daff68e2304a9d is sufficient to prevent the attack.
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    miniupnp.tuxfamily.org Forum Index -> miniupnpd Compilation/Installation All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP
© 2007 Thomas Bernard, author of MiniUPNP.