The webserver can be used to display or change the status of fli4l
routers (IMONC can be used too). The status monitor can be activated by
setting OPT_HTTPD='yes'
.
If you are using the default configuration set your browser to one of the following addresses:
http://fli4l/ http://fli4l.domain.lan/ http://192.168.6.1/
If you configured fli4l to use another name and/or domain these have to be used. If the webserver is set to listen on another port than the default one specify it like this:
http://fli4l:81/
As of version 2.1.12 a login page will be displayed which is not protected by a password. Protected pages are in the subdirectory admin, for example:
http://fli4l.domain.lan/admin/
The web server can be configured by setting the following variables:
This specifies the language in which the web interface is shown. If set to 'auto' the language setting is taken from the variable LOCALE in base.txt.
The web server usually binds to a so-called wildcard address in order to be accessed on any router interface. Set the web server with this parameter to only bind to one IP address. The corresponding IP address is given here: IP_NET_x_IPADDR. Normally this parameter is left blank, so the default (Accessible on any interface IP) is used.
This parameter is used to bind the httpd to only one IP so that other instances can bind to other IPs on the router. It can not be used to limit access to the web interface of the router. This would need additional configuring of the packet filter, too.
It is also possible to specify multiple IP addresses here (separated by spaces).
Set this value if the web server should run on another port than 80. This is usually not recommended, since then it must be accessed through the browser by adding the port number. Example http://fli4l:81/.
enter username and password for each user here. On top specify for each user which functions of the the web server should be accessible to him. Functions are controlled via the variable HTTPD_RIGHTS_x. In the simplest case it is 'all', which means that the corresponding user is allowed to access everything. The variable has the following structure:
'Range1: right1,right2,... Range2:...'
Instead of adding all rights for a certain range the word ``all'' can be used. This means that the user has all rights in this range. The following ranges and rights exist:
Some examples:
Activates 'Online Access Control'. By using this internet access of each host configured in package dns_dhcp can be controlled selectively.
A console tool is available too, providing an interface to other packages like EasyCron:
/usr/local/bin/oac.sh
Options will be shown when executed on a console.
Restricts the online access control to connections on this network device (i.e. 'Pppoe').
Provides protection against circumvention via proxy.
OAC_INPUT='default' blocks default ports for Privoxy, Squid, Tor, SS5, Transproxy.
OAC_INPUT='tcp:8080 tcp:3128' blocks TCP Port 8080 and 3128. This is a space separated list of ports to be blocked and their respective protocol (udp, tcp). Omitting protocols blocks both udp and tcp.
Omitting this variable or setting it to 'no'
deactivates the function.
Turns off overview if at least one group exists. If no groups exist the variable is without effect.
List of available time limits separated by spaces. Limits are set in minutes. This allows time period based blocking or access definition.
Default: '30 60 90 120 180 360 540'
Possible values: 'DROP' or 'REJECT' (default)
Number of client groups. Used for clarity but also allows to block or allow access for a whole group at once over the web interface.
Name of the group - this name will be displayed in the web interface and may be used in console script 'oac.sh'.
If set to 'yes'
all clients of the group are blocked at boot. Useful if
PCs should be blocked in general.
Marks the group as invisible. Useful to block a PC in general which should not be visible in the web interface. The console script oac.sh is not affected by this (for use in easycron).
Number of clients in the group.
Name of the client as defined in HOST_x_NAME in package dns_dhcp.
List of interfaces defined in base.txt allowing internet access only to hosts defined in dns_dhcp.txt. Hosts not defined are blocked in general.