iPXE discussion forum
Hide/supress/obscure URL when "chaining" to another page (PHP) - Printable Version

+- iPXE discussion forum (https://forum.ipxe.org)
+-- Forum: iPXE user forums (/forumdisplay.php?fid=1)
+--- Forum: General (/forumdisplay.php?fid=2)
+--- Thread: Hide/supress/obscure URL when "chaining" to another page (PHP) (/showthread.php?tid=6776)



Hide/supress/obscure URL when "chaining" to another page (PHP) - Torgeir - 2012-12-07 19:29

Hi!

Is it possible to achieve this for me by modifying something in the ipxe-source code? Or modifying some settings/flags etc?

So I can hide this...
[Image: ipxeurl.png]

Or make it dissapear faster when chaining to another page.

Torgeir


RE: Hide/supress/obscure URL when "chaining" to another page (PHP) - robinsmidsrod - 2012-12-07 20:45

The only thing I can think of out of my head is to use an ANSI cls sequence as shown on this page to make it disappear faster.
http://ipxe.org/cmd/set


RE: Hide/supress/obscure URL when "chaining" to another page (PHP) - Torgeir - 2012-12-07 21:04

Could not get that to work before.. It did now though.
Seems, a bit faster than the clearscreen "/scr/core/exec.c" hack found in the mailinglist archive.

To bad there is no way to hide the loading URL completely.

Thanks again Smile
Suggestions on what I can enable of DEBUG options, to make the loading stage a bit more disguised?

Tried adding a bunch of DEBUG parameters "DEBUG=tcp,dns,ipv4,icmp,ndp,netdevice,ethernet,http". But then my login menu, started to get, debug on the screen over the login menu, making it disappear.


RE: Hide/supress/obscure URL when "chaining" to another page (PHP) - thomil - 2012-12-12 17:13

As a quick and dirty hack you could replace line 75 in src/usr/ifmgmt.c:

if ( ( rc = monojob_wait ( uri_string_redacted ) ) != 0 )

with:

if ( ( rc = monojob_wait ( "" ) ) != 0 )


This is untested but it should prevent the URL from being printed at all. Please note that after that change *all* URLs will be hidden and you won't have any feedback about which URL failed to download, if that should happen.

From looking at the surrounding code it appears that iPXE will automatically hide the password if you're using HTTP authentication. Instead of printing "http://username:password@host/file.php" it will print "http://username:***@host/file.php". If this is an option for you you may want to look into that as it's a much cleaner solution.

If you're a C programmer you could also add a setting to enable/disable the URL printing on demand, using the above hack as a starting point.

Thomas


RE: Hide/supress/obscure URL when "chaining" to another page (PHP) - Torgeir - 2012-12-12 22:22

Hi!

Thanks for taking interest Smile

It looked promising, but did not work. The URL still get printed to screen. Tried with "chain/kernel/initrd", but they probably uses the same "exec" function or something anyway.

I do try to learn some C/C++. Can manage the basics of PHP pretty well (but PHP is too nice to the programmer, compared to C/C++).

Using HTTP auth/ldap I will have to rewrite the way I use iPXE/PHP as an installmenu. Now I use adLDAP to authenticate against AD. And then I do SSH with ldapsearch with these credentials, and something like:
ldapsearch -h dc -b dc=xxx,dc=com samaccountname=$1 | grep "memberOf\|All Users"

To check if authenticated user is member of a specific adGroup that we permit to do "new install/reinstall".

As soon as I get $_REQUEST[pass], I encode, so it does not show up in clear text, because the ldapsearch takes some seconds to complete. iPXE has been configured to do this over HTTPS, so it does not show up in clear text over the network. Chaining between the pages goes so fast, that it does not bother me that it is in clear text, but you can always use "Pause" to see it Smile

So it would be nice it if was doable.

Torgeir
Btw, the file was: src/usr/imgmgmt.c


RE: Hide/supress/obscure URL when "chaining" to another page (PHP) - thomil - 2012-12-13 11:01

(2012-12-12 22:22)Torgeir Wrote:  It looked promising, but did not work. The URL still get printed to screen. Tried with "chain/kernel/initrd", but they probably uses the same "exec" function or something anyway.

Are you sure you tested the right file? I just tested that change and booted the iPXE HTTP demo. It showed the "chain <URL>" command that I typed in, but it didn't show any filenames when it fetched the kernel and initrd.

And sorry about the wrong filename.


RE: Hide/supress/obscure URL when "chaining" to another page (PHP) - Torgeir - 2012-12-13 11:40

You're absolutely right Smile

Dont know how I managed to get that wrong (have a bit of a mess of ipxe-src's', messy tftproot, which I test stuff at home)...

At work I made a script to do it all for me, makes a dymaic ipxe.ipxe script file, and makes 4 different ipxe images. As I use a syslinux module to find nic vendor and device id, and then chooses ipxe.pxe or undinoly.kpxe, based on nic type.

(again I had some troubles with some drivers or something, broadcom PCI fiber card). That ipxe.pxe wont work with.

About not visible URL. Does not matter. My config now will not break Smile Have fallback to :failed everywhere (all chaining uses the same method, with fallback, dynamic PHP coding).

I also have a DEVEL image I can start from PXE that does not have these changes. So I can debug properly. Our prod environment will always work, testing before prod Smile

Anyway it did indeed work as you said. Exactly as I had hoped.
Thanky you very much.
Now with this in place, I am almost finished with my installmenu (iPXE/PHP).
Very soon it can be launched, and replace our old comboot module (C code) Smile


RE: Hide/supress/obscure URL when "chaining" to another page (PHP) - redjade - 2017-06-22 09:17

Just wondering if there is anything new on this question. I am a new user and have just setup and have a nice working solution with wimboot. The only change I would like is to not show the URL of my server to the users.
Any advice?

TIA


RE: Hide/supress/obscure URL when "chaining" to another page (PHP) - robinsmidsrod - 2017-06-27 10:07

You can't hide the URL without making code changes like thomil mentioned, but you can make it look nicer if you use HTTP POST support included in iPXE.