I can check that off my list of conundrums, on to the next!Will install now and update on my findings. Will try and see if I can identify a pattern into what triggers the error, aside from time. Thanks for the continued support!
Just wanted to update that this is now implemented as of Blue Iris 5.8.2.4.
Remote-User: username header or Remote-User: username:password had no effect.
I can only share what I was told - I sent him the request for this and included following docs:
doc.traefik.io
It's possible that the docs and/or additional options are forthcoming since I just today replied that it was working as intended.
curl -I -H 'Remote-User: MY_USERNAME' -XGET http://blueiris.MY.DOMAIN-XGET to the curl command.I filed a bug here that might be related to this issue- 267121 – WebKit requires keyframes now for video decodes, which makes it less forgiving for IP cameras -- I wonder if this PR ([WebCodecs] AudioDecoder and AudioData support by philn · Pull Request #16432 · WebKit/WebKit) may have introduced the "Key frame is required" or even an earlier change. Waiting to hear back from the developers for any input here.
I'm glad someone has finally been tracking down the cause of that problem and the proper place to report it
In Blue Iris Settings > Web server, make sure the "Bind exclusively" checkbox is not checked. Then ensure that the TCP port number for Blue Iris's web server is allowed through Windows Firewall. I always create a firewall rule to explicitly allow that traffic, and do not rely on the automatic firewall configuration to do the job properly.
None of this seems to be working still as of BI 5.8.3.1, and there's still no documentation of the feature in the help file or in BI settings. Something must be missing. I've tried sending this request from another LAN machine and also from a remote internet machine, and in both cases Blue Iris just returns a 302 (redirect) or 401 (unauthorized) depending on whether BI is configured to "Use secure session keys and login page".I can only share what I was told - I sent him the request for this and included following docs:
Traefik ForwardAuth Documentation - Traefik
In Traefik Proxy, the HTTP ForwardAuth middleware delegates authentication to an external Service. Read the technical documentation.
I also told him this:
It's possible that the docs and/or additional options are forthcoming since I just today replied that it was working as intended.
Just for a sanity test, as I am on my work computer and going via another proxy etc, I tried from the command line using a machine on my network, and it seems to work. Without it, I get a 401 response.
curl -I -H 'Remote-User: MY_USERNAME' -XGET http://blueiris.MY.DOMAIN
Edit: I also had to add-XGETto the curl command.
X-Forwarded-For header, so it could be exploited by any outside attacker to gain access that is normally only available to privileged IP addresses. (since August 2022, BI now handles that and the X-Real-Ip header much more securely, only trusting header values that were sent by a LAN address). So I am naturally suspicious when other authentication bypass mechanisms are added, that they might be easily exploited by remote connections.Nope, the answer comes back negative. The URL is an IP address which shows up in the web server setup dialog.
That's a starting point.
It should be the server's LAN IP with the port appended, such as
