ipWhitelist HowTo

Mitchfarino · May 3, 2017, 6:46 AM

I’m just at work at the moment, so I’ll post my config when I get home.

When I leave it as it originally was in the config, the mirror loads but I can’t get MMM-RemoteControl to work as it gives me the permission error

Then when I replace it with [] it fails to load the mirror and tells me to create a config.js file

twosix · May 9, 2017, 11:51 PM

The remoter control module is not working for me to any extent, when I whitelist the IPs for my school’s wifi (following the HowToWhitelistIP thread’s directions) in every way stated, I get the “this device is not allowed to access…” message. Then, when I allow all IPs access I get the “cannot get remote/html” message. Any help would be great! Thanks!

rudibarani · Jun 25, 2017, 12:52 PM

Hi @mochman,
I was wondering, if the whitelist could be used to limit the access to different MM sub-sites? I would like to have the MM screen itself open to a larger set of IP addresses but would like to lock down the MMM-RemoteControl & MMM-AdminInterface sites and limit access to my own devices.
Any idea how to achieve this?
Thanks for your advice!

cowboysdude · Jun 25, 2017, 1:37 PM

It helps to read a little…
http://searchsecurity.techtarget.com/definition/application-whitelisting

+| ipWhitelist | The list of IPs from which you are allowed to access the MagicMirror². The default value is ["127.0.0.1", "::ffff:127.0.0.1", "::1"]. It is possible to specify IPs with subnet masks (["127.0.0.1", "127.0.0.1/24"]) or define ip ranges (["127.0.0.1", ["192.168.0.1", "192.168.0.100"]]). Set [] to allow all IP addresses. For more information about how configure this directive see the follow post ipWhitelist HowTo |

rudibarani · Jun 25, 2017, 6:21 PM

@cowboysdude Thanks for your reply. My white Lists work fine for the MM2 screen. I was looking for a way to separately limit access to the sites generated by the Remote Control and Admin interface module. Any ideas?

cowboysdude · Jun 25, 2017, 6:24 PM

@rudibarani said in ipWhitelist HowTo:

@cowboysdude Thanks for your reply. My white Lists work fine for the MM2 screen. I was looking for a way to separately limit access to the sites generated by the Remote Control and Admin interface module. Any ideas?

Honestly the best thing to do is ask the creator of those modules ;) I don’t do the ipWhitelist.

roblocksrocks · Jun 26, 2017, 3:01 AM

@cowboysdude Maybe you’ll be able to help, I’ve tried doing [ ], I’ve tried whitelesting all IPs as shown in here, and the only thing I have been able to get to work is whitelisting specific IPV4 and IPV6 addresses. That was fine because my most used devices have static IPs anyway however the issue comes now that I have port forwarding and am trying to open it up to any IP (I am aware of the security ramifications)

open_book · Jun 29, 2017, 9:01 AM

@mochman I’m experiencing a similar problem to the one @looolz describes above.

I can access through SSH (putty) no problem. I’ve seen the logs “Access denied to …” and added the two addresses (my laptop and mobile) to the ipWhitelist.

I’ve also added the “…1.1/120” and “…1.1/112” to the list but I still get access denied.

I did get both devices working for a while - but was then denied access through putty! I’d really like to be able to access through mobilebrowser for MMM-remotecontrol AND SSH for other work.

The reason for this comment is that I checked wlan0 and I have an inett6 addr listed.

You mention this above but don’t say what to consider next. If you’re still around and have any thoughts about this I’d appreciate it!

resulted in me being able to connect from mobile/laptop but meant that SSH stopped working.

cowboysdude · Jun 28, 2017, 9:42 PM

@roblocksrocks Lets see if @mochman answers because honestly I don’t use it and really have no working knowledge of it or how to use it.

mochman · Jun 30, 2017, 5:36 PM

@open_book The ipWhitelist should have no affect on your SSH ability. This sounds like there is some problem with either your network or the pi itself. The ipWhitelist just affects what can connect to the MagicMirror software.

Can you give me your network setup and how you’re trying to access it through SSH? I’m guessing that you are trying to SSH in from inside your network and not from somewhere else.

I haven’t used the remote control module so I’m not to sure how it works with the whitelist. From how you’re describing it, it sounds like whatever the IP of the device you use the remote control with is what the MagicMirror needs whitelisted. If that’s the case, are you just trying to access your mirror from devices on your internal network or are you using a data plan with your mobile? If so, that IP probably changes frequently.

Those IPs you listed ("...1.1/120"), are those IPv6 or IPv4 IPs?