Filter X-Forwarded-For Apache

The X-Forwarded-For (XFF) HTTP header can be used to obtain the remote IP when an HTTP server is located behind a reverse proxy. If the remote proxy does not clean the XFF field, you can’t trust it. Worse, this field can be used to inject code into your website.

I’ve seen such an issue in a security plugin that logged the remote IP field without filtering it. As this value came from XFF, it was possible to inject JavaScript into the database remotely and have that JS executed when displaying the dashboard of the “security” plugin.

One option to solve this is to clean the XFF field (or reject the request when the XFF is not clean). This can be done with a simple configuration in the HTTP server config file (or .htaccess):

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-For} !^$
RewriteCond %{HTTP:X-Forwarded-For} !^[0123456789.\ ,]{7,36}$
RewriteRule ^ - [L,R=404]

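Here, a request without an XFF header (or with an empty one) passes through. A non-empty XFF that contains anything other than digits, dots, spaces and commas, or that is shorter than 7 characters or longer than 36 characters, is rejected with a 404 as the last operation.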
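The following added example (not code from the original post) mirrors the two RewriteCond lines in Python and compares them with a stricter per-address parse an application could apply before storing the value. The function names and the sample header values are constructed for illustration.

```python
import ipaddress
import re

# Character/length allow-list from the RewriteCond above ("\ " is a plain space).
PAGE_PATTERN = re.compile(r"^[0123456789. ,]{7,36}$")

def passes_rewrite_filter(xff):
    """Mirror the two RewriteCond lines: an absent or empty header passes,
    otherwise the value must match the allow-list."""
    if xff is None or xff == "":
        return True
    return PAGE_PATTERN.match(xff) is not None

def parse_xff(xff):
    """Stricter application-side check (an assumption, not from the page):
    every comma-separated element must parse as an IP address.
    Returns the list of addresses, or None if any element is invalid."""
    if not xff:
        return []
    addresses = []
    for part in xff.split(","):
        try:
            addresses.append(ipaddress.ip_address(part.strip()))
        except ValueError:
            return None
    return addresses

# Constructed sample header values.
SAMPLES = [
    "203.0.113.7",                  # single IPv4 client
    "203.0.113.7, 198.51.100.2",    # client plus one proxy hop
    "",                             # header absent or empty
    "<script>alert(1)</script>",    # markup instead of an address
    "999.999.999.999",              # allowed characters, not a real address
    "2001:db8::1",                  # legitimate IPv6 client
    "1.2.3",                        # shorter than 7 characters
]

def evaluate(samples=SAMPLES):
    """Return (value, passes_rewrite_filter, passes_strict_parse) per sample."""
    return [(s, passes_rewrite_filter(s), parse_xff(s) is not None) for s in samples]

if __name__ == "__main__":
    for value, apache_ok, strict_ok in evaluate():
        print(f"{value!r:32} rewrite-filter={apache_ok!s:5} strict-parse={strict_ok}")
```

The comparison shows that the rewrite filter keeps markup out but still accepts strings that are not addresses, and that it returns a 404 to clients whose proxy forwards an IPv6 address.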

Satellite’s IoT is now ready for use with Kineis

Kineis nano-sat Photo credit Kinéis et Héméria

Even if you think this is the first time you have heard about Kineis, you are basically wrong in some ways! This company is a recent “Startup”, existing since June 2019, but in reality they are managing an IoT offer built on top of the famous and quite experienced Argos system, started in 1978 and now operating more than 22.000 devices running applications like animal tracking, ocean safety and many scientific programs.
The service is running over the 8 satellites currently in orbit, making Kineis the most advanced satellite IoT solution commercially available as of today.

Thanks to the polar orbit of the satellites, the whole earth is covered: no white zones, no blind spots. From pole to pole, ocean to desert, devices communicate from everywhere, autonomously.

This blog post is the first of a series made with the help of Kineis to introduce you to the technology and my experience with it. As usual, there is no sponsoring for these blog posts, but close work with Kineis, as the offer is currently only open to business companies.

Companies like Exotic Systems, Arribada or Advanced Tracking, have already started to make products using Kineis network for asset tracking applications mainly.


Nebra Helium miner review

Nebra indoor miner customer box

After reviewing the Rak Wireless miner in a previous blog post, and after receiving my own Nebra miner, I’ll give a review of it.

The Nebra miner is one of the different Helium miner machines. It is first of all a LongFi (LoRaWan) gateway. It includes software to run it over a blockchain to create a global IoT network. You can get more details on what Helium is in the linked blog post.

This review is of a Nebra batch #1; it is possible that some of the given information will no longer be valid in a couple of weeks when batches #2, #3 … are delivered. Needless to say, this is an end-user review. I’ve ordered and paid for my miner. I have no link with Nebra.


IoT actors ecosystem framework

The IoT ecosystem is rich in many different actors providing solutions and services in different areas.

I’ve tried to create a framework to position these actors. Many of the existing actors can be in multiple blocks, but each of these is a standalone viable business where you can find existing actors.

In the following PDF file, you will get the details of the different blocks to understand their role, the type of service provided and sometimes some examples of companies acting in this domain.

Helium RAK Miner review

Rak Wireless Helium Miner v2

Rak Wireless is one of the Helium miner providers, currently the main one. This miner is based on a Raspberry Pi 4, but we will see that it’s not the only part in the miner, as the Helium Blockchain is not about computing but radio communications.

So the Raspberry Pi is not the most important part of the machine; it’s the LoRa concentrator, a piece of technology capable of listening simultaneously on 8 different radio channels and decoding really low-level signals around -139dBm, basically 0.00000000000001 mW of signal power…

In this post we will go through the technical details of this miner and its interesting aspects. I will also detail my installation experience; this one is not especially specific to RAK, as the installation process is quite similar with all the different miners.

In terms of radio, the different miners are equivalent, and in terms of processing the power of a Raspberry Pi 3 is good enough to run the blockchain. Moreover, in the coming months the addition of the Validator in the blockchain will drastically reduce the number of complex operations inside the miner. As a consequence, performance is not an important criterion. This is to say, currently the tech specifications are not really important in the miner choice and I won’t detail that part much.


LoRa-E5 the Seeed Studio STM32-WL module

STM32-WL is the new ST family supporting LoRa and LoRaWAN in, not a single chip, but a single die. I have not yet written about it (busy busy busy) but this technology is really interesting as it results in a simplified architecture with fewer chips in your circuit and, in the end, a lower power consumption, a lower footprint and a lower cost.

LoRa-E5 from Seeed Studio is a module containing an STM32-WL circuit and the associated RF circuitry to simplify designs based on such a chip. Its public price is $9.9 for the module alone and you can also find different boards using it. This price is in the maker market but a bit high for such a system for mass production. This module contains the stronger STM32WL family chip; the chip price is 3.71€ / 1000 on Mouser. But the module includes all the circuitry around it and facilitates your design.

The module mainly targets the maker market and comes with software to be immediately used by end-users within an Arduino or equivalent environment. It can also be re-flashed for use with your own software. The Cortex M4 in it is stronger than most of the Arduino platforms.

Let’s see what this chip is and how to use it.


LoRaWAN soil moisture solar device using Helium network

My child has a small garden where he has tomatoes, mint, different vegetables and fruits. We want to know when it is the right time to water it.

This was also an opportunity to use my Rak Wisblock kit for something other than just writing a blog post. I’ve chosen to connect the device over the Helium network because I’m currently running different tests on this network, but it also works on TheThingsNetwork the same way. So you can use the network with the best coverage around you.

The data will be displayed on Cayenne Mydevice to get a quick dashboard for displaying the information. In this blog post I’m going to describe the main steps and the needed hardware to make your own device.


Low Cost LoRaWan Field Tester

When deploying a LoRaWan network, we need to verify what the coverage is. Eventually, before deploying a Hotspot for the Helium network, we need to find the best place to reach as many peers as possible. A field tester is a simple, mobile tool to help you decide the best location and monitor the coverage in a zone.

There are many different existing solutions on the market; I have used some of them in the past, like the Adeunis field tester. The problem with the existing devices is usually the price and the absence of a backend application to report the signal seen by the network. The solutions are usually around 200 – 400€ and I was looking to make something less expensive for makers and hotspot owners.

The Seeed Wio Terminal, a low-cost Arduino-like terminal with a cool TFT screen and buttons, is a nice platform to make a LoRaWan Field tester with a good UI.
