Browser Security

The browser interface requires the user to authenticate with a matching login and password. The authentication remains valid until you either terminate the browser or log out.

To disable authentication, set the variable config(httpSecure) to 0 in the policy.tcl file.

To completely disable the HTTP interface, set the variable config(httpSecure) to "disable" or any integer other than 0 or 1 (use 2, typically). To enable the HTTP interface, use the value "enable" or 1.
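One way to check which of the states described above a given policy.tcl selects, as an added example that is not part of the product or its documentation. It assumes the setting is written with the usual Tcl form "set config(httpSecure) <value>" and that a later assignment overrides an earlier one; the function names and the sample file content are constructed for illustration.

```python
import re

# Assumed assignment form (standard Tcl array-element syntax); the page names
# the variable but does not show the line itself.
_ASSIGN = re.compile(
    r'^\s*set\s+config\(httpSecure\)\s+(?:"([^"]*)"|\{([^}]*)\}|([^\s;#]+))'
)

def classify(value):
    """Map an httpSecure value to the state the documentation describes."""
    v = value.strip()
    try:
        n = int(v)
    except ValueError:
        n = None
    if v == "enable" or n == 1:
        return "enabled-with-auth"
    if n == 0:
        return "enabled-no-auth"   # interface on, login disabled
    if v == "disable" or n is not None:
        return "disabled"          # "disable" or any other integer
    return "unknown"               # value the documentation does not cover

def audit(policy_text):
    """Return (line_no, value, state) for the last assignment, or None if the
    variable is never set (the page does not state the default)."""
    result = None
    for no, line in enumerate(policy_text.splitlines(), 1):
        if line.lstrip().startswith("#"):   # skip commented-out settings
            continue
        m = _ASSIGN.match(line)
        if m:
            value = next(g for g in m.groups() if g is not None)
            result = (no, value, classify(value))
    return result

# Constructed sample, not taken from a real policy.tcl.
SAMPLE_POLICY = """\
# site policy
set config(httpSecure) 1
# set config(httpSecure) 2
set config(httpSecure) 0   ;# later assignment wins
"""

if __name__ == "__main__":
    print(audit(SAMPLE_POLICY))
```

A result of "enabled-no-auth" is the state to flag in a configuration review, since the HTTP interface is then reachable without a login.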

As of 2016.09, web server security has been enhanced to prevent local file inclusion via a path relative to an open URL, such as /gif.