Menu
What's new
By:
Filters Better Search

[Help] WebUI Mod

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

C

cmd.exe

New Around Here
I am new to Asuswrt-Merlin, my hobby is WebDev, I know the basic of linux, I am a RT-N10U owner and I want to be a part of this great community.
I want to make a more compact (in size and request) WebUI, maintaining the same UI/UX, without installing others HTTPd or apps.
For frontend that meas a more faster loading/render of the pages and for backend this will increase the size of /jffs directory.
My primary target is the /jffs directory, I want more that 1 mb free space, without deadline because it is a free time project.
I can interact with the generic HTTPd with usb stick attached :
#
mount -o bind /dir/to/usbstick /www
service restart_httpd
#
My questions are:
-Where in /jffs/scripts/ is best to add the commands to bind and restart the HTTPd?
-This tag <% nvram_dump("syscmd.log",""); %> is to read the output of the last command but is there something like <% nvram_exec("reboot"); %> for input?
-Where are the .cgi files stored and is there a way to disable/delete from HTTPd?
-Is there a way to add security headers like X-Frame-Options or CORS to the generic HTTPd?

Kind regards!
 
L&LD said:
Welcome!

I am sure some will have some great answers to the more technical questions you pose.

Note that RMerlin's firmware though does not support your router model. I do not know how much that will affect anyone's ability to help you with your issues though.

http://www.snbforums.com/threads/asuswrt-merlin-custom-firmware-for-asus-routers.7846/
Click to expand...

Thank you,
I downloaded from http://www.snbforums.com/threads/fork-asuswrt-merlin-on-broadcom-mips-rt-n-series.18624/ , for my RT-N10U .
 
This is a fork, which hasn't been maintained for a long time. I can't help you regarding script support, as I have no idea what specific functionality this fork supports, sorry.

You cannot execute a command with an EJ string. These are not executed like Javascript is, they are parsed by the httpd, replacing them with content generated by the httpd, before sending the resulting page to the web client. Think of it as a server-side scripting, not client-side.

There's no CGI. It's all done by the httpd itself, either through POSTed arguments, or through parse-time handling from EJ tags.
 
L&LD said:
It hasn't been active in a very long time.
Click to expand...
Yes, indeed! But I am a foreigner, if we are lucky we work for ~ 210 $ in hand a month and the RT-AC56U model is not cheap. I know my router version <3.0.0.4_378_4129> is outdated, but it only cost ~ 7 $ (flea market). This is my chance to practice "webdev" in a SOHO device.
I prefer Merlin version that the asuswrt stock firmware, because I have better control of it.

RMerlin
"There's no CGI. It's all done by the httpd itself"

When I restart the HTTPd with my own assets, the .cgi files remain:
https://github.com/RMerl/asuswrt-me.../src/router/www/Main_WStatus_Content.asp#L185
And I believe it execute the value of the "action_script" parameter.

"Think of it as a server-side scripting, not client-side."

Construct with javascript a dynamic EJ tag with your command in it, like <% nvram_exec("sleep 200"); %> , and transfer thru a GET/POST request to an .asp file that echo everything back (I know,XSS) to the user in a hidden way.
That .asp file will have a Referer header validation check, if it is from a whitelisted url, it will execute.
In this way I can disable the telnetd and spare some cpu and maybe ram.

Edit:
Like a user define RGB background color.

Thank you for your reply!
 
Last edited:
cmd.exe said:
When I restart the HTTPd with my own assets, the .cgi files remain:
https://github.com/RMerl/asuswrt-me.../src/router/www/Main_WStatus_Content.asp#L185
And I believe it execute the value of the "action_script" parameter.
Click to expand...

It's not a real CGI. It's just a keyword that gets processed by httpd.

cmd.exe said:
Construct with javascript a dynamic EJ tag with your command in it, like <% nvram_exec("sleep 200"); %> , and transfer thru a GET/POST request to an .asp file that echo everything back (I know,XSS) to the user in a hidden way.
That .asp file will have a Referer header validation check, if it is from a whitelisted url, it will execute.
Click to expand...

The EJ gets parsed by the server before sending you the page. You can't generate it client-side through Javascript.

If you REALLY must execute a user-specified command, look at how Main_WOL_Content.asp is implemented, and modify httpd to allow running anything else than an authorized command. And be ready to deal with the security fallout from it...
 
RMerlin said:
The EJ gets parsed by the server before sending you the page. You can't generate it client-side through Javascript.

If you REALLY must execute a user-specified command, look at how Main_WOL_Content.asp is implemented, and modify httpd to allow running anything else than an authorized command. And be ready to deal with the security fallout from it...
Click to expand...

Just a thought... I agree with RMerlin, it's not wise to mess with this layer, unless one really understands it.

A few months back, I looked into how to modify something inside the AsusWRT build - was easy enough to deal with pushing data into the wireless driver on the shell, but touching the WebGUI to make it available (or remove the selection) made it a non-starter as it would be very difficult to maintain as upstream updates come in

(@RMerlin - this was the wireless beamforming thing I did a deep dive into, if you recall)

How the WebGUI interacts with the Broadcom SDK is incredibly complicated, and has years of technical burden/debt behind it, it's incredibly brittle in that layer - there's probably about 5 people in the world that totally grok it, and I would suspect that even they consider very carefully when making changes inside it... even minor ones. It's a software "third rail" - touch it and die...

I don't mean to discourage you, but just consider what you're in for...

It's overdue for a full rewrite, but that's a huge undertaking...
 
You must log in or register to reply here.

Similar threads

black-raison-detre
Adding APIs to httpd
Replies
2
Views
594
heysoundude
heysoundude
D
Asus GT-AX6000 webui not responding
Replies
6
Views
755
danza
D
black-raison-detre
Idea for better web Addons
Replies
13
Views
1K
black-raison-detre
black-raison-detre
garycnew
Asuswrt-Merlin 384.19 WebUI won't load after Login
Replies
7
Views
3K
garycnew
garycnew
aru
Skynet Practice displaying a world map on a webpage using an addon-api.
2
Replies
33
Views
2K
Quoc Huynh
Q
Similar threads
Thread starter Title Forum Replies Date
C Solved Need help with nat-start scripts Asuswrt-Merlin 3
G Need help with VPN Asuswrt-Merlin 2
P Help with traffic filtering Asuswrt-Merlin 0
C Need some help with a DHCP problem Asuswrt-Merlin 9
S Help Required AC68U (TM-AC1900) troubleshooting after power outage Asuswrt-Merlin 3
C Need help with GT-AXE11000 and DNS Director Asuswrt-Merlin 0
Spydawg need help with network loop. Asuswrt-Merlin 9
J Help - duckdns has started returning an IPv6 IP address Asuswrt-Merlin 1
A Help Required Upgrading AC68U from Stock FW to Merlin Please? Asuswrt-Merlin 15
F ASUS RT-AC86U (merlin Current Version : 386.12_6): jffs2: Argh. No free space left for GC. Can you help me troubleshoot this please? Asuswrt-Merlin 6

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 849 (members: 21, guests: 828)
Top