Commit graph

108 commits

Author SHA1 Message Date
Simone Mainardi
a1a5d53c8e Improves Lua-based params validation
Fixes #1935
2018-08-28 15:08:34 +02:00
emanuele-f
c212844616 Fix truncated username 2018-08-21 19:30:09 +02:00
emanuele-f
f2a438c33a Fix 403 loop due to previous "user" cookie logic 2018-08-21 19:05:39 +02:00
emanuele-f
8a7ead5924 Harden HTTP session checks and remove user cookie 2018-08-21 18:16:54 +02:00
Simone Mainardi
abed170e98 Simplified handling of allowed interfaces 2018-08-21 13:21:21 +02:00
Luca Deri
d146200962 Implements async HTTP send, used in pcap download, to avoid paused clients causing ntopng to drop packets 2018-08-15 08:13:25 +02:00
Simone Mainardi
6f0104045a Initial work to check available space in socket buffers to send pcaps 2018-08-14 19:55:10 +02:00
Simone Mainardi
bd4252d727 Live pcap download security fixes 2018-08-14 17:57:42 +02:00
emanuele-f
163ef3af94 Allow binding the GUI to a secondary address 2018-08-09 10:59:30 +02:00
Luca Deri
5ebaec2867 Added better trace for potential XSS attempts 2018-08-04 19:18:17 +02:00
Luca Deri
42e5741e92 Reworked backup 2018-08-03 10:39:36 +02:00
Luca Deri
b248f90b70 Added more comprehensive warning message 2018-07-18 17:28:53 +02:00
Luca Deri
444a12e0e8 Win fixes 2018-07-17 00:58:05 +02:00
Simone Mainardi
71ebaa39c2 Fixes allowed interfaces users access 2018-07-12 14:38:30 +02:00
Luca Deri
cb8f8997de Compilation fix 2018-07-06 22:48:00 +02:00
Emanuele Faranda
a4730f33c1 Improve captive portal support with WISPr XML 2018-07-06 19:35:48 +02:00
Emanuele Faranda
ed9c7d3044 Add captive portal log 2018-07-04 19:00:10 +02:00
Simone Mainardi
b980a1808f Implements web UI ACL 2018-06-22 19:31:02 +02:00
Simone Mainardi
7fa432ad9a Generalizes captive portal server start/stop
Fixes https://github.com/ntop/ntopng/issues/1819
2018-06-20 18:07:00 +02:00
Simone Mainardi
fe49f7d2f5 Prevents unnecessary params validation
Fixes https://github.com/ntop/ntopng/issues/1818
2018-06-20 16:13:16 +02:00
Emanuele Faranda
b948b43fff Fix invalid banned site redirection 2018-06-20 11:55:14 +02:00
Simone Mainardi
c1bcc625ac Code cleanup for HTTP/HTTPs 2018-06-20 11:38:08 +02:00
Luca Deri
b0a69f164d Code cleanup 2018-06-20 08:54:57 +02:00
Luca Deri
1ee5eff201 Minor code cleanup 2018-06-20 08:25:24 +02:00
Simone Mainardi
8f1228c04f Captive portal HTTP server fixes 2018-06-19 17:29:36 +02:00
Luca Deri
56b275124f Improved ntopng startup time
Split the HTTP server into management and non-management (splash) servers

Implemented protection of the HTTP interface via an ACL that can be set with
- redis-cli set ntopng.prefs.http_acl_management_port "XXXX"

Where XXXX has the format +net/mask,+net/mask....

Example:
- You want the HTTP management interface be accessible only from localhost
  redis-cli set ntopng.prefs.http_acl_management_port "+127.0.0.0/8"

- You want the HTTP management interface be accessible for everybody except 192.168.0.0/16
  redis-cli set ntopng.prefs.http_acl_management_port "+0.0.0.0/0,-192.168.0.0/16"
2018-06-19 11:43:49 +02:00
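The "+net/mask,-net/mask" list described in the commit message above, evaluated by a small stand-alone checker. This is an added example, not ntopng's or mongoose's own code. It assumes what the two examples in the message imply: rules are evaluated left to right and the last matching rule wins, a non-empty ACL denies any address that no rule matches, an empty ACL allows everyone, and a rule without a /prefix means a single host. Only IPv4 is handled, and the names aclCheck, parseAcl, parseRule and parseIPv4 are the example's own.

```cpp
// Added example (not ntopng/mongoose code): evaluate a "+net/mask,-net/mask" ACL.
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <sstream>
#include <string>
#include <vector>

struct AclRule {
  bool allow;     // '+' => allow, '-' => deny
  uint32_t net;   // network address (host byte order), already masked
  uint32_t mask;  // network mask (host byte order)
};

// Strict dotted-quad parser: exactly four octets, each 0..255, no extras.
static bool parseIPv4(const std::string &s, uint32_t &out) {
  uint32_t value = 0;
  int octets = 0;
  size_t i = 0;
  while (i < s.size()) {
    if (!std::isdigit((unsigned char)s[i])) return false;
    unsigned octet = 0;
    size_t start = i;
    while (i < s.size() && std::isdigit((unsigned char)s[i])) {
      octet = octet * 10 + (unsigned)(s[i] - '0');
      if (octet > 255) return false;
      i++;
    }
    if (i - start > 3) return false;
    value = (value << 8) | octet;
    octets++;
    if (i < s.size()) {
      if (s[i] != '.' || octets == 4) return false;
      i++;
      if (i == s.size()) return false;  // trailing dot
    }
  }
  if (octets != 4) return false;
  out = value;
  return true;
}

// One rule: [+-]a.b.c.d[/prefix]. A missing prefix means a single host (/32).
static bool parseRule(const std::string &tok, AclRule &rule) {
  if (tok.size() < 2 || (tok[0] != '+' && tok[0] != '-')) return false;
  rule.allow = (tok[0] == '+');
  std::string body = tok.substr(1);
  int prefix = 32;
  size_t slash = body.find('/');
  if (slash != std::string::npos) {
    std::string p = body.substr(slash + 1);
    body = body.substr(0, slash);
    if (p.empty() || p.size() > 2) return false;
    for (char ch : p)
      if (!std::isdigit((unsigned char)ch)) return false;
    prefix = std::stoi(p);
    if (prefix > 32) return false;
  }
  if (!parseIPv4(body, rule.net)) return false;
  rule.mask = (prefix == 0) ? 0u : (0xFFFFFFFFu << (32 - prefix));
  rule.net &= rule.mask;  // so "+10.1.2.3/8" behaves as 10.0.0.0/8
  return true;
}

// Comma-separated rule list; any malformed or empty token rejects the whole ACL.
static bool parseAcl(const std::string &acl, std::vector<AclRule> &rules) {
  rules.clear();
  std::stringstream ss(acl);
  std::string tok;
  while (std::getline(ss, tok, ',')) {
    AclRule r;
    if (!parseRule(tok, r)) return false;
    rules.push_back(r);
  }
  return true;
}

// Returns 1 if clientIp is allowed, 0 if denied, -1 if the ACL or address is malformed.
static int aclCheck(const std::string &acl, const std::string &clientIp) {
  std::vector<AclRule> rules;
  uint32_t ip;
  if (!parseAcl(acl, rules) || !parseIPv4(clientIp, ip)) return -1;
  if (rules.empty()) return 1;  // no ACL configured: everyone allowed (assumption)
  bool allowed = false;         // ACL present: deny unless some rule matches
  for (const AclRule &r : rules)
    if ((ip & r.mask) == r.net) allowed = r.allow;  // last match wins
  return allowed ? 1 : 0;
}

int main() {
  const char *acl = "+0.0.0.0/0,-192.168.0.0/16";  // second example from the commit message
  std::printf("%s -> 8.8.8.8: %d, 192.168.5.5: %d\n", acl,
              aclCheck(acl, "8.8.8.8"), aclCheck(acl, "192.168.5.5"));
  std::printf("bad ACL (no sign): %d\n", aclCheck("127.0.0.0/8", "127.0.0.1"));
  return 0;
}
```

Two things a practitioner should check when relying on such an ACL: it is evaluated against the peer address of the TCP connection, so behind a reverse proxy or NAT every request carries the proxy's address and the list must be written for that, and a malformed list should fail closed (here it returns -1, which the caller must treat as deny rather than as "no ACL").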
Luca Deri
30610bda60 Added code to randomize values returned by rand() 2018-06-17 15:24:25 +02:00
Luca
da772fb01d Fix for not sending 302 return code with -l 0 2018-06-13 19:27:01 +02:00
Luca
29caa78eb1 Renamed Lua into LuaEngine to avoid name clashes 2018-06-13 18:17:49 +02:00
Simone Mainardi
8cca1f6703 Implements informative captive portal (no login) 2018-06-06 10:33:36 +02:00
emanuele-f
a70dce4301 Secure ntopng cookies with SameSite and HttpOnly
HttpOnly prevents the cookie from being accessed by JavaScript code and restricts XMLHttpObject utilization.
See https://blog.codinghorror.com/protecting-your-cookies-httponly/.

SameSite=lax restricts cookie utilization in iframes, images or XMLHttpRequests, but still allows external
sites to link to the ntopng webserver and use the existing authenticated user session.
See https://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/.
2018-05-16 11:43:23 +02:00
emanuele-f
24faaa0e20 Fix ntopng messages interpreted as mongoose errors 2018-05-15 18:27:42 +02:00
emanuele-f
dba841a16b Print mongoose error messages 2018-05-15 10:52:50 +02:00
emanuele-f
2ce6ac2fc1 Fix ntopng login redirection 2018-05-08 14:02:00 +02:00
emanuele-f
3a1728414d Redirect to login when session expires 2018-03-27 15:16:30 +02:00
Luca Deri
f0c936c368 Updated (C) to 2018 2018-03-22 21:59:42 +01:00
emanuele-f
99b67b16ad Remove old nedge define and move to new one 2018-02-09 13:01:08 +01:00
Simone Mainardi
74a5ac644d Fixes issues when serving static content (e.g., css) 2018-01-25 18:45:08 +01:00
emanuele-f
6102f42f53 Block captive portal users ntopng web login 2018-01-25 14:14:08 +01:00
Simone Mainardi
aa11e532e1 Fixes nEDGE captive portal ssl redirection 2018-01-17 12:41:34 +01:00
Luca Deri
c9ecd931d9 Code cleanup 2017-12-16 08:23:56 +01:00
Luca Deri
b5ad7ebfce Fixed invalid termination sequence that might have led to a crash during termination 2017-11-12 12:40:03 +01:00
emanuele-f
4a17ab7047 Improve licence expire message 2017-10-27 13:06:23 +02:00
Luca Deri
b6c7f08eb5 Updates for systemd
Added checks for end demo mode
2017-10-22 19:52:26 +00:00
Luca Deri
20b3c74ada Implemented support for ntop custom lua loadfile
Packaging changes for nedge
2017-10-22 18:43:21 +02:00
Luca Deri
c8de202017 Fixes to compile ntopng without MySQL
Added nEdge support in configure
2017-10-21 13:39:18 +02:00
emanuele-f
501ee043b0 Fix splash port check 2017-10-19 13:52:41 +02:00
Luca Deri
86613c081b Login bug fix 2017-10-16 14:01:29 +02:00
Luca Deri
420ce53060 Added support for HTTP splash port 2017-10-16 07:57:32 +02:00
Luca Deri
4b01406137 Improved fingerprinting support
Disabled HTTP banned page support as the current implementation is ambiguous
Fixed flow parsing leak
2017-10-15 07:46:20 +02:00