Blue Iris UI3



The ads suck smiley4.gif
 
What ads?

The ads he was talking about are from imgur which I used as the image host for the screenshot. Imgur has been going downhill lately. Not content to simply host images anymore, now they are redirecting people who try to load "just the image" to a page with a bunch of ads in the margin.

Question, ui3 is reporting that my CPU is not fast enough to support the stream, but the stream for 10 cams is coming in fluid and clear. In fact theres a wasp crawling around on one right now and it's not choppy at all. I have BI setup with no restrictions on bandwidth. It does report my CPU is running at 80%, what is the threshold to decide to pop up that message?

That message is triggered when the device you are viewing with can't decode the H.264 video as fast as it is coming in. It may still look smooth, but in reality the video is falling further and further behind. Specifically, that message comes up when the video is 3 or more seconds delayed. It happens easily on basically all phones, most tablets, and a fair number of low end laptops too. It can be eliminated in many cases by setting up one of the 3 streaming profiles with "ultrafast" encoding and a fairly low bit rate limit, and being sure to choose that streaming profile on the slower devices. I'd like to be able to fix this automatically by reducing resolution or something, but Blue Iris hasn't given me that power and I don't have high hopes that Ken will provide it.

There is a similar message for when your network connection is too slow for the stream, and again the only recourse is to ask the user to fix it :(
 
I've just installed this but now I see "Unable to contact Blue Iris server" in red at the bottom of the login page - I never backed up the old page either first - d'oh!

..:: Edit ::..
Oh wait that's when I go through my external IP which is reverse proxied via a Sophos UTM - it works direct to the Blue Iris IP address, I'll do some digging.
 
I've just installed this but now I see "Unable to contact Blue Iris server" in red at the bottom of the login page - I never backed up the old page either first - d'oh!

Ugh. That isn't supposed to happen, of course. Are you doing anything fancy with your network configuration, like a reverse proxy or Stunnel?
 
..:: Edit ::..
Oh wait that's when I go through my external IP which is reverse proxied via a Sophos UTM - it works direct to the Blue Iris IP address, I'll do some digging.

Aha. Well reverse proxies often complicate things, particularly if they inject a folder path into the URL (like instead of http://xxxxxx/login.htm you have http://xxxxxx/BlueIris/login.htm). I thought I had that taken care of and working, so if you have an example where it does not work then it is something I may be able to fix.
 
Ugh. That isn't supposed to happen, of course. Are you doing anything fancy with your network configuration, like a reverse proxy or Stunnel?
Just edited my previous post, yes it goes via Sophos UTM which is basically reverse proxying.

I've tried direct to the Blue Iris server from my Macbook and the login page now works but when I log in I get this:

Screen Shot 2017-11-02 at 20.59.49.png

I've just turned off AdBlock etc but still getting the same error
 
..:: Edit ::..
Oh wait that's when I go through my external IP which is reverse proxied via a Sophos UTM - it works direct to the Blue Iris IP address, I'll do some digging.

Specifically the login page and UI3 attempt to send POST requests to a page called "json" and if that fails with a 404 then it assumes you installed the page into a subdirectory so it changes to trying "/json" and that would break a reverse proxy that has injected a virtual directory path as I described. However it shouldn't get a 404 in the first place if your reverse proxy is configured right.
 
Just edited my previous post, yes it goes via Sophos UTM which is basically reverse proxying.

I've tried direct to the Blue Iris server from my Macbook and the login page now works but when I log in I get this:

...

I've just turned off AdBlock etc but still getting the same error

Thanks for the report. I'll check that out on my mac later and see if the same thing happens. Very strange.

If you figure anything out about the reverse proxy server, let me know. Maybe it isn't handling POST requests at all?
 
  • Like
Reactions: reverend
It looks like it's triggering one of the OWASP rules - I'll tweak it now but this is what it's triggered by default so far since I added the new UI3:

Code:
2017:11:02-21:12:45 utm httpd[7090]: [security2:error] [pid 7090:tid 3895278448] [client 192.168.0.1] ModSecurity: Warning. Match of "rx ^%{tx.allowed_request_content_type}$" against "TX:0" required. [file "/usr/apache/conf/waf/modsecurity_crs_http_policy.conf"] [line "64"] [id "960010"] [rev "2"] [msg "Request content type is not allowed by policy"] [data "text/plain"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"] [hostname "cctv.example.com"] [uri "/json"] [unique_id "WfuKTcCoADgAABuyIvAAAAAc"]
2017:11:02-21:12:45 utm httpd[7090]: [security2:error] [pid 7090:tid 3895278448] [client 192.168.0.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(.*)" at TX:960010-OWASP_CRS/POLICY/CONTENT_TYPE_NOT_ALLOWED-TX:0. [file "/usr/apache/conf/waf/modsecurity_crs_inbound_blocking.conf"] [line "26"] [id "981176"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5, SQLi=, XSS=): Last Matched Message: Request content type is not allowed by policy"] [data "Last Matched Data: text/plain"] [hostname "cctv.example.com"] [uri "/json"] [unique_id "WfuKTcCoADgAABuyIvAAAAAc"]
2017:11:02-21:12:45 utm httpd[7090]: [security2:error] [pid 7090:tid 3895278448] [client 192.168.0.1] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/apache/conf/waf/modsecurity_crs_correlation.conf"] [line "37"] [id "981204"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5, SQLi=, XSS=): Request content type is not allowed by policy"] [hostname "cctv.example.com"] [uri "/json"] [unique_id "WfuKTcCoADgAABuyIvAAAAAc"]
2017:11:02-21:12:45 utm httpd: id="0299" srcip="192.168.0.1" localip="192.168.0.56" size="213" user="-" host="192.168.0.1" method="POST" statuscode="403" reason="waf" extra="Inbound Anomaly Score Exceeded (Total Score: 5, SQLi=, XSS=): Last Matched Message: Request content type is not allowed by policy" exceptions="-" time="1004" url="/json" server="cctv.example.com" port="80" query="" referer="http://cctv.example.com/login.htm?page=%2F" cookie="_ga=GA1.3.39458233.1465889816; path=/; session=2c3d336144a8208441015db439e21c6a; HASH_session=F446590CD6D4BA7FA0CE98FEE2D12AF72E74FAAE" set-cookie="-" uid="WfuKTcCoADgAABuyIvAAAAAc"
 
I've disabled the top two ids in the firewall profile 960010 and 981176 which got rid of the Unable to contact Blue Iris error, and then it just kept looping back to the login page until I disabled cookie signing at which point it gets me to the same point now as going to the IP direct with the viewport error.

Not sure if it's possible to fix the cookie signing issue in the UI3 source though as that may also trigger other web application firewalls?

I'll try off a Windows machine to see what happens there.
 
Last edited:
OK so UI3 seems to work fine from IE11 on a Server 2016 box and also latest Chrome on Windows so the error seems Mac specific?

If I try from Safari on this same Macbook it hangs at Loading Web Content with Busy and all the other lines are green.

I'm running Mac OS High Sierra 10.13.1 beta with Chrome 62.0.3202.75 and Safari 11.0.1
 
Last edited:
Hi

Works fine on fresh install of BI.
Works both from Mac os using chrome and from Android device running chrome.

Amazing job. Kudos!!!
 
Looking real good on Firefox 56.0.2 and Safari 10.0.3 running on OSX Yosemite 10.10.5.

One issue: Audio is not working yet, unmuting the audio icon doesn't work so no audio (on either FF or Safari). Works in ui2.

Love the overall look and the server mini dashboard is sweet.
 
Thanks for the feedback so far, everyone.

I've disabled the top two ids in the firewall profile 960010 and 981176 which got rid of the Unable to contact Blue Iris error, and then it just kept looping back to the login page until I disabled cookie signing at which point it gets me to the same point now as going to the IP direct with the viewport error.

Not sure if it's possible to fix the cookie signing issue in the UI3 source though as that may also trigger other web application firewalls?

I have no idea what cookie signing is.

Looking real good on Firefox 56.0.2 and Safari 10.0.3 running on OSX Yosemite 10.10.5.

One issue: Audio is not working yet, unmuting the audio icon doesn't work so no audio (on either FF or Safari). Works in ui2.

In Firefox 56 you shouldn't be seeing the audio icon or volume bar at all in UI3. Can you confirm? Firefox 56 isn't compatible so the audio controls should be invisible. Firefox 57 comes out in a few weeks and it should work then. I haven't tried Safari with UI3 since I got this audio streaming method working, which was only just in the last week.

What do you mean when you say unmuting the audio icon doesn't work? There are a number of slightly different icons and colors used to visually portray the state of audio playback. A line through the speaker icon for instance tells you that the current stream does not have an audio track. Otherwise it is a speaker icon and depending on volume it has a big sound wave (>50%), a little sound wave (<50%) or no sound wave (mute). The colors are gray for idle, yellow for loading, and green when audio is playing. If you aren't using one of the H.264 streaming options, the audio controls should be totally gone.

UI2 and UI3 have different audio streaming methods, by the way. UI3 only plays audio if you are streaming H.264 video, but it can handle audio in group streams, single camera streams, and in recordings. UI2's older streaming method could do it while streaming jpegs, but only for whatever single camera you had maximized in live view, and it only really worked well in firefox.
 
UI3 in Chrome by default streams H.264 using the profile "Streaming 0" that is set up in Blue Iris Options on the web server tab, advanced button. Blue Iris defaults this to only 0.5 Mbps and that is the cause of your poor quality. Inconsistent frame rate is the result of a poor connection and I can do nothing about that short of forcing there to be video delay which I won't do :)

Yeah, I saw the selector for choosing the Streaming quality, but dismissed it since I was thinking it referred to the various stream channels of my Dahua cam and I knew channel 0 was configured as my highest quality. Didn't expect any fix for the frame drop, just noted that as info in case it was useful. Changed the stream quality and all is good now. Thanks.
 
...
In Firefox 56 you shouldn't be seeing the audio icon or volume bar at all in UI3. Can you confirm? Firefox 56 isn't compatible so the audio controls should be invisible. Firefox 57 comes out in a few weeks and it should work then. I haven't tried Safari with UI3 since I got this audio streaming method working, which was only just in the last week.

What do you mean when you say unmuting the audio icon doesn't work? There are a number of slightly different icons and colors used to visually portray the state of audio playback. A line through the speaker icon for instance tells you that the current stream does not have an audio track. Otherwise it is a speaker icon and depending on volume it has a big sound wave (>50%), a little sound wave (<50%) or no sound wave (mute). The colors are gray for idle, yellow for loading, and green when audio is playing. If you aren't using one of the H.264 streaming options, the audio controls should be totally gone.

UI2 and UI3 have different audio streaming methods, by the way. UI3 only plays audio if you are streaming H.264 video, but it can handle audio in group streams, single camera streams, and in recordings. UI2's older streaming method could do it while streaming jpegs, but only for whatever single camera you had maximized in live view, and it only really worked well in firefox.

Confirmed 56.0.2. The audio control appears when the cursor is in the video frame as gray with diagonal line through it. Clicking it toggles the volume slider to/from zero with no change to the grayed-out speaker icon.

I'm not sure how to test H.264 streaming. I can only select JPEG streaming qualities on the left side drop down. The BI streaming profile is set to H.264. LMK if there's some other setting(s) I'm missing... thanks, Russell

ff ver.png

audioicon.png

encoder.png
 
Aha, the script that hides the audio control when it isn't available is not working correctly. I can see it in my Firefox too. It will be fixed in the next beta release.
 
I'm not sure how to test H.264 streaming. I can only select JPEG streaming qualities on the left side drop down. The BI streaming profile is set to H.264. LMK if there's some other setting(s) I'm missing... thanks, Russell

It will be an option in the Streaming Quality list in any browser that supports it. Firefox won't support it until Firefox 57 which releases on November 14th (2017).
 
I have no idea what cookie signing is.

If cookie signing is what I think it is (the proxy server messing with the cookies in an attempt to prevent the client from changing them??) then it simply won't work with UI3. The session identifying string is in a cookie, and the UI needs to be able to read and write it.