Make Web Request Source IP for firewall


#1

Is there a listing of the IP address or ranges that I can use on my firewall to allow a “make web request”? I plan to expose an IP and a set of URLs that webcore can call to trigger certain automations on my raspberry pi, but I only want the webcore services to have access to them. Searching the forums and wiki I don’t see any of the IP information for the service listed.


#2

Are you trying to limit the firewall to only allow the IP address coming from webcore?

Any actual calls are coming from SmartThings, so their IP would be necessary to know. I am unaware of what their IP ranges are, however. You should be able to set up a simple script to grab the IP that pings your Pi, but it might also be a good idea to use an obscure port as well.


#3

Yes, I want to create a rule on my firewall that says something like ALLOW TCP:PORT from ST_IP_RANGE -> INTERNAL_IP.

I thought about just watching the deny rule on my firewall and using the IP that the webcore web request came from, but I’m guessing that SmartThings would have a pretty large cloud footprint and could come from multiple source addresses.

Because I’m running this all through an Apache reverse proxy, I’m now considering setting up a token in the URL rather than the firewall rules. I could tell Apache to redirect requests destined to my internal host to a 404 page unless the URL token matches.


#4

I’m actually not sure about this. My Blue Iris integration makes calls directly to the LAN IPs / port, which makes me think the calls are being routed through the hub??


#5

My piston web call is definitely making the call across the internet to my external address. I thought all of this happened inside my local network, but it does not. When I enter the direct IP of my PI I get no hit on the URL. When I use the external hostname that routes through my firewall and reverse proxy it hits the url on the PI from a source address of 54.83.153.160.


#6

Are you getting the format right?

My BI web calls are set up as follows:

{BI_Server_LAN_IP}:{PORT}/admin?camera={CAM_SHORT_NAME}&trigger&user={USERNAME}&pw={PASSWORD}

What are you sending?


#7

I’m just making this simple piston to test with a super simple python script on my PI.

If I use https://ip.of.my.pi the url is never triggered. If I use https://my.internet.hostname everything works. If I could find a way to have my ST Hub make the call directly to my PI over the LAN that would be ideal. I don’t care to send this round trip across the internet just for a simple TV off trigger.


#8

Try:

https://LAN_IP:PORT/…


#9

This should do the trick. For a bit more background info, webCoRE actually checks the IP address to determine whether to do a local request from the hub so you will need to use your internal IP beginning with 10. or 192.168. or in the CIDR range 172.16.x.x/12 and ensure that your hub can access that based on the hub’s internal IP.


#10

A while back I was playing with web calls and learnt along the way that SmartThings (and by association WebCoRE) will determine if the address provided needs to use HubAction (local LAN) or httpGet (internet). I read somewhere (I think it was SmartThings documents) that HubAction requests cannot use HTTPS.


#11

Thanks for the input everyone. I confirmed that it does actually work with using my internal IP. I’m unclear on what I was doing wrong earlier. Either a typo, or https, or something was preventing it. I just changed my web call to http://x.x.x.x:xxxx/path/to/my/script and I can see the request from my hub IP and the automation is working.

Thanks for the help everyone!
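
The URL-token check proposed in post #3 and the private-range test described in post #9, sketched together as an added example that is not part of the original thread and is not webCoRE or SmartThings code. It puts the check in the Python script on the Pi instead of in Apache; the `token` query parameter, the secret placeholder, the port and the function names are assumptions.

```python
import hmac
import ipaddress
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlsplit

# Assumption: placeholder secret; replace with a long random value.
EXPECTED_TOKEN = "REPLACE_WITH_LONG_RANDOM_VALUE"

# Private ranges listed in post #9 (172.16.0.0/12 spans 172.16.x.x-172.31.x.x).
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_lan_address(host):
    """True if host is an IP literal inside one of the private ranges."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:          # hostnames are never treated as LAN
        return False
    return any(ip in net for net in PRIVATE_NETS)


def authorize(path, client_ip, expected=EXPECTED_TOKEN):
    """Return (http_status, route) for a request path and its source IP."""
    supplied = parse_qs(urlsplit(path).query).get("token", [""])[0]
    route = "lan" if is_lan_address(client_ip) else "internet"
    # Constant-time comparison; a missing or wrong token gets a plain 404.
    if hmac.compare_digest(supplied.encode(), expected.encode()):
        return 200, route
    return 404, route


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, route = authorize(self.path, self.client_address[0])
        if status != 200:
            self.send_error(404)
            return
        # Trigger the automation here (for example, the TV-off action).
        self.send_response(200)
        self.end_headers()
        self.wfile.write(f"ok via {route}\n".encode())

    def log_message(self, fmt, *args):
        pass  # default logging would write the token-bearing URL to stderr


if __name__ == "__main__":
    # Port 8080 is a constructed value.
    HTTPServer(("0.0.0.0", 8080), Handler).serve_forever()
```

Behind the Apache reverse proxy the source IP seen by this script is the proxy's, so the route label is only meaningful for requests that reach the script directly. A token carried in the URL also appears in proxy access logs, and on a plain-HTTP LAN call it crosses the network unencrypted.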