NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Curl does not work any more since upgrade to 6.9.3 on RN316
Hello, I'm using following command to shutdown my RN316, but it is no more working since update to 6.9.3 : curl -u admin:$1 -k "https://$2/dbbroker" -H "Content-Type: application/x-www-form-u...
Ok, I have been able to do downgrate to 6.9.1 https://kb.netgear.com/000051531/ReadyNAS-OS-6-Software-Version-6-9-1
with no problem.
Now I can use Curl Again.
I hope it will be a way to automatically shutdown the Nass in future firmware
Thanks
This changed behaviour is expected. Your app/script will need to be longer on 6.9.3.
When sending the NML command or upload files to NAS over LAN, the APP needs to send the csrfpId token and login credentials in the HTTP request header. To get the csrfpId token, the app needs to request this webpage http://nas_ip/admin/csrf.html with the admin login credentials.
And then parse the html file to get the csrfpId token.
The csrf.html includes a script element which has the csrfpId token.
For example,
<script type="text/javascript">
<!--
csrfInsert("csrfpId", "mKrWJJlKMv5iqXUcSK7dEruWxdSbSqNi713aOVNCpYkLIA1wWmCUhmoZeV8EJ-jfXb6X6K6rT9InWOSd_OPiWPeonCpp01LC");
//-->
</script>
Then the app shall add a HTTP header "csrfpId" with the token. The csrfpId can also be added to URL query parameters or upload form. The token expiry occurs after 3600 seconds by default. When the token has expired, if the app sends a NML command to the NAS, the NAS returns status code 403. The app needs to get a new token with the above steps.
Does this mean that the сurl is no longer usable? Only scripts? What is the reason for this restriction? I use the curl in my home automation system to turn off the system or start the backup job
Yevgeniy wrote:
Does this mean that the сurl is no longer usable?
No. It means that you need to get the csrfpld token in the script, and then change your curl command line to include --header "X-CSRFToken: {token}".
Yevgeniy wrote:
What is the reason for this restriction?
It improves security, by making it much more difficult for a "cross-site request forgery" attack to succeed.
Basically, the NAS web server is setting up a session token for each web connection. Curl needs to present that token in order for the apache server in the NAS to accept the commands. If it doesn't, the NAS assumes those commands are forged.
most of us dont know how to do the script for to shutdown the readynass; we have just copy and paste (changing the username and password) and thats all.
It will be great is someone are able to make a new script that works with 6.9.3 using the token and share with the comunity
Just what I needed. I saw that the it needed the csrfpld token, but did not know how to get it. Thanks my code is now working again.
Like Shadowl0rd, I also don't know how to write this code and copy/pasted the code I've been using for years, which now doesn't work anymore. Could anyone with a new working script please share their script here? Preferably for a .bat file, like in the first post. Much appreciated.
This sounds like a place where Netgear should consider writing a program, so that the password is not stored in the clear. Ideally, something that can be called from a backup job. Even better would be the ability to send a WoL packet as well.
Let's call the program ReadyCTL. Script does:
ReadyCTL wakeup NAS1
<insert backup software command here>
ReadyCTL shutdown NAS1
Before all this, the user configures the program through the GUI with the NAS1 IP address (and others if he has them), admin name, and password and the program stores the name and password encrypted.
Building this into the NAS backup system would also be great.
Sandshark wrote:
This sounds like a place where Netgear should consider writing a program, so that the password is not stored in the clear. Ideally, something that can be called from a backup job. Even better would be the ability to send a WoL packet as well.
Let's call the program ReadyCTL. Script does:
ReadyCTL wakeup NAS1
<insert backup software command here>
ReadyCTL shutdown NAS1
Before all this, the user configures the program through the GUI with the NAS1 IP address (and others if he has them), admin name, and password and the program stores the name and password encrypted.
Building this into the NAS backup system would also be great.
Maybe post this on the idea exchange. FWIW, I'd like to see a general WoL app for OS6 NAS.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
