Web Server
Back Home Up

SUMMARY

The HCA Web Server is fully described in the HCA User Guide. This technical note contains some additional details that you may want to use to get the best performance from the Web Server on various browsers and some security notes.

JavaScript

The default and mobile display interfaces of the HCA Web Server require JavaScript to function. Please verify that JavaScript is enabled on your web browser for optimal use. Unfortunately JavaScript support on mobile devices is inconsistent. The HCA Web Server has a “nojs” parameter to disable JavaScript for these cases. The “nojs” parameter enables the mobile device display and removes the dependency on JavaScript.

Display mode

The HCA Web Server provides for operation of a range of devices with several different display modes. The default display mode is a view very similar to the HCA main window - a tree view on the left and a display on the right.

The mobile display mode has a condensed interface that is suitable for devices which have a smaller display.

The final display mode allows for devices that do not support the level of HTML/JavaScript necessary for the advanced views. These two mobile display modes look almost the same with the only difference being the addition of a “View” button to the version which does not require JavaScript.

 

Supported Platforms

When you connect to the Web Server it typically detects which display mode to use based upon information received from the browser and device. There are a few cases where you may need to help the Web Server display pages in your preferred mode.

There are many different devices in the world that run a browser.  And there are many different browsers.  So many of both that we admit that we have not tested them all.

We did test Windows XP and Vista with all the popular browsers: Internet Explorer 6, Internet Explorer 7, FireFox, Opera, and Safari.  We also tested on several Windows CE platforms running Pocket Internet Explorer and on the BlackBerry running the BlackBerry Browser.

But rather than try and create a list of what is supported and what isn't, use this chart to help tailor the Web Server to your device.

bulletYou see the default display and this is what you want.
 -- No need for parameters
bulletYou see the mobile display and this is what you want.
-- No need for parameters
bulletYou see the default display or a distorted default display that is not functional.
-- Use /32 in the URL
bulletYou see the default display but you want to see the mobile display.
-- Use /32 in the URL
bulletYou see the mobile display, but the selecting an item from the drop down menu does not function.
 -- Use the “nojs” parameter
bulletYou see the default display but the right side is truncated.
-- Use the “splitter” parameter

 

Parameters within the URL

Specifying parameters  is best described with examples. Suppose the IP address of the machine which runs the HCA Web Server is 169.254.180.32 and the Web Server Port is 9955. To access the Web Server Interface use the following address in your Web Browser.

http://169.254.180.32:9955/

You can supply parameters as part of the URL. When done in this manner, the parameters are in effect only for the current browser session. That is, until you close the browser or browse away from the HCA Web Server interface.

It is important to use the correct format when specifying the parameters on the URL. To enable the /32 parameter, enter it with the URL as:

http://169.254.180.32:9955/32

To enable the “splitter” or “nojs” parameters the URL should be followed by a “?” and then the first parameter. For additional parameters follow the previous one with an “&” and the parameter.

bullethttp://169.254.180.32:9955/?splitter
bullethttp://169.254.180.32:9955/?nojs
bullet http://169.254.180.32:9955/?splitter&nojs

To enable both the /32 and additional parameters, the /32 comes first and then the additional parameters. For example:

bullethttp://169.254.180.32:9955/32?splitter
bullethttp://169.254.180.32:9955/32?nojs
bullethttp://169.254.180.32:9955/32?nojs&splitter

Specifying parameters on the Web Setup tab

All of the above parameters can also be specified within the Web Setup tab of HCA. These parameters control the Web Server in the same method as if you had specified them with the URL, but in this case they are in effect all the time and for all browser sessions.

Enter the parameters as: parameter-name, parameter-name, …

For example: splitter, nojs

Note: The /32 parameter cannot be specified on the web setup tab. It an only be specified on the URL

In addition to the “splitter” and “nojs” parameters described above, there are a few others that can be specified on the Web Server setup tab. These are:

bulletsinglecolumn. This option only affects the mobile display interface. Normally on pages that display icons, the icons are arranged in two columns. Enabling this parameter forces a single column rather than two.
bulletthermostatpoll. On the display page for a thermostat you have to press a button to get the current values. Enabling this option the Web Server will retrieve the current values before the page displays for the first time.

IP address and passwords

When you browse to a web site you can use either of two methods. The first is using a domain name, like HCATech.com, which internally gets translated to an IP address. The second method is to us the IP address, like 10.1.10.63, directly.

How does this effect HCAWeb and when it asks for passwords? The first test HCAWeb does before asking for a password is to see if you entered a domain name or an IP address. If you didn't use the IP address directly then you will always get asked for a password. If the browser is using the IP address directly then the password is requested if the first three numbers of the address are not the same as the IP address of the browser.

Let's talk about this further. In the web world, the 4 numbers of the IP address places a location on computers. The first number is like a city, the second is like a street, the third is the house number, and the fourth is all the computers in the house. Using this analogy, all computers that have the same first three numbers are computers in the same house.

In HCAWeb, all computers with the same first three numbers as the computer running HCA, are in the same place and are considered "local". For these computers, as long as the passwords have been entered at least once from a "local" computer then those passwords are used for all local computers, without having to keep reentering the passwords. All non "local" computers are always asked for the passwords.

IP Address

In the above examples, the URL contains an explicit IP address. This is very inconvenient because you will need to know this number and enter it. If your ISP changes the IP address over time, you will have to know what the current one is. You can solve this by using an online service like DynDNS.org. This service lets you locate your home server by name and internally converts the name into an IP address and keeps up with changes to it.

Security

When using the HCA Web Server it is very important to consider security. You do not want others to be able to interact with your home. Security is built from these items all working together:
bulletFirewall
bulletRouter passwords
bulletPort use
bulletHCA security Firewall

Firewall

A firewall, sometimes a windows software component, and sometimes software that runs on a router, provides a number of methods used to allow and deny access. The firewall rules you create determine when access is denied and allowed. Each firewall has different setup and you should check the router documentation. In general, you may see options that only allow access to certain port numbers with certain protocols, access at only certain times, or access only from certain IP addresses.

You should definitely have a firewall and configure it as appropriate for your situation.

Router Passwords

Some routers contain facilities that request a password when access is made to a given port. If your router provides this feature you can use this as the first level of secure entry into your home. If supported by your router as soon as you connect to a defined port the router will ask for a password before the connection is made.

Port use

Most services (like HTTP, for web pages) rely on connections on a particular “standard” port. So when you connect to a particular web page (say http://www.msn.com), what the browser really ends up trying is http://www.msn.com:80 . Anyone trying to gain remote access to your home will try the usual port number (for example, the HCA default port number of 9955). You can solve this simply by defining a port other than 9955 on the HCA Web Server setup tab.

HCA Security

The last piece of the security setup is the passwords that HCA provides. Passwords for your design are specified on the Home Properties dialog security tab. If you enter a password for remote access then before anyone – even you – can view your design that password must be entered. The control password provides even more security. Even if the design can be viewed another password must be entered.

Security is built from these four items. As many as possible should be used and understood to ensure that you – and only you – can access and control your home.

 

Helpful Web Sites

There are some helpful web sites available to guide you through the myriad of security issues that you might come across. One site that is very informative, and oddly enough very easy to use and understand, is pcflank.com. This site will run a test for you against your system for free (it takes about five minutes) and gives you an easy to understand risk assessment, complete with explanations as to what steps to take to repair the vulnerability. This report, used in conjunction with your firewall documentation can make your web site virtually hacker-proof in just a few minutes.