All URLs use the GET method in the HTTP transaction. There are two URL types, Type 1 URL and Type 2 URL, supported in the CGI. These two types of URLs share the same URL commands. In Type1 URL, the user account and password are carried in the first two URL commands. In Type2 URL, is the user account and password are not in the URL. It needs to have extra HTTP authentication first. To distinguish these two types of URLs, the different CGI program path is used.
Important Note
The & is the reserved character in URL to link two URLs. If the & is in the input argument of an URL, the firmware will treat two URL commands.
Example 1: URL1=abc&URL2=def
In this example, the firmware gets two URL commands. The first one is URL1=abc and the second one is URL2=def.
Example 2: URL1=abc&def
In this example, the firmware gets two URL commands again. The first one is URL1=adc and the second on is def.So, the & has to be not in the input argument of a URL command.
The CGI program path was defined in the firmware and not changeable. In type 1 URL, the CGI path is the /cgi-bin/. In type 2 URL, the CGI path is the /cgi-bin/cmd/
For example, the URL Command in system CGI for type 1 URL ishttp://ip:port/cgi-bin/system?USER=xxxx&PWD=xxxx&CMD
the URL command in system CGI for type 2 URL is
http://ip:port/cgi-bin/cmd/system?CMD
Type1 URL
In the first type, it is not secure URL because people could get the account and password easily by sniffing the network. However, it is very simple, all CGIs support this type URL currently. For security consideration, this type URL might be removed from all CGIs in the future. The format of the URL looks like
http://ip:port/cgi-bin/CGI?USER=admin&PWD=123456&CMD1=VALUE1&CMD2
where
ip: the device IPv4 address
port: the device's HTTP port. If it is 80, the port could be omitted
CGI: CGI Program like system, mpeg4, encoder, update ,....
CMD1=VALUE1 : a write command to set the VALUE1 to device's configuration associated with CMD1
CMD2 : a read command to get the device's configuration associated with CMD2You could find two successive URLs are connected by the symbol "& and the USER and PWD carried the user name and password in plain text as the part of URL command.
Note that except the USER, PWD and CHANNEL commands, the error in the URL will not stop processing the rest of URLs but the error message will be returned if there are many URLs in a single URL command.
Here is the dump of the content of an URL with Microsoft Internet Explorer 7 for reference. This URL is
http://172.16.3.53/cgi-bin/system?USER=Admin&PWD=123456&WAN_TYPE
- URL from host to device
ASCII Format
GET /cgi-bin/system?USER=Admin&PWD=123456&WAN_TYPE HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-tw
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1)
Host: 172.16.3.56
Connection: Keep-AliveHex Dump Format
ASCII Format
HTTP/1.0 200 OK
Content-type: text/plain
WAN_TYPE='1'Hex Dump Format
Type2 URL
In the second type, it is more secure URL because the account and password has to be encrypted in the HTTP transaction. Not all CGIs support this type of URL. The system, mpeg4, encoder and decoder CGIs supports this. For security consideration, this type might be available to all CGIs in the future. The format of the URL looks like
http://ip:port/cgi-bin/cmd/CGI?CMD1=VALUE1&CMD2
where
the usage is very similar to the Type1 URL except the path of CGI program is different.Once you applied the URL, the login prompt window will be shown. You need to enter the account and password in the window to go further.
Here is the dump of the content of an URL with Microsoft Internet Explorer 7 for reference. This URL is
http://172.16.3.53/cgi-bin/cmd/system?WAN_TYPE
- HTTP Session 1
The host sends the URL without any account information to the device.
ASCII format
GET /cgi-bin/cmd/system?WAN_TYPE HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-tw
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1)
Host: 172.16.3.56
Connection: Keep-AliveHex Dump Format
The device reply the Unauthorized message and prompt the logon window.
ASCII Format
HTTP/1.1 401 Unauthorized
Server: thttpd/2.25b 29dec2003
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 26 Dec 2007 10:57:41 GMT
Last-Modified: Wed, 26 Dec 2007 10:57:41 GMT
Accept-Ranges: bytes
Connection: close
Cache-Control: no-cache,no-store
WWW-Authenticate: Basic realm="cgi-bin/cmd"
<HTML>
<HEAD><TITLE>401 Unauthorized</TITLE></HEAD>
<BODY BGCOLOR="#cc9999" TEXT="#000000" LINK="#2020ff" VLINK="#4040cc">
<H2>401 Unauthorized</H2>
Authorization required for the URL '/cgi-bin/cmd/system?WAN_TYPE'.
<!--
Padding so that MSIE deigns to show this error instead of its own canned one.
Padding so that MSIE deigns to show this error instead of its own canned one.
Padding so that MSIE deigns to show this error instead of its own canned one.
Padding so that MSIE deigns to show this error instead of its own canned one.
Padding so that MSIE deigns to show this error instead of its own canned one.
Padding so that MSIE deigns to show this error instead of its own canned one.
-->
<HR>
<ADDRESS><A HREF="http://www.acme.com/software/thttpd/">thttpd/2.25b 29dec2003</A></ADDRESS>
</BODY>
</HTML>Hex Dump Format
- HTTP Session 2
The host sends the URL with encrypted account information to the device.
ASCII Format
GET /cgi-bin/cmd/system?WAN_TYPE HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-tw
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1)
Host: 172.16.3.56
Connection: Keep-Alive
Authorization: Basic QWRtaW46MTIzNDU2Hex Dump Format
The device reply of the command
ASCII Format
HTTP/1.0 200 OK
Content-type: text/plain
WAN_TYPE='1'Hex Dump Format
Note that the CHANNEL=n command will be ignored if the device is an one channel device.
There are two levels of URL in a Multi-Channel Encoder device. The first level URL is for the Router and the second level URL is for the Video Server. To identify the level of URL, the CHANNEL command is used. The Router URL does not need to have CHANNEL command but the Video Server URL needs to use CHANNEL command.
Format of the Router URL
http://ip:port/cgi-bin/CGI?USER=Admin&PWD=123456&CMD1=VALUE1&CMD2
or
http://ip:port/cgi-bin/cmd/CGI?CMD1=VALUE1&CMD2You could find these formats are the same as the general URL describe above.
Format of the Video Server URL
http://ip:port/cgi-bin/CGI?USER=Admin&PWD=123456&CHANNEL=n&CMD1=VALUE1&CMD2
or
http://ip:port/cgi-bin/cmd/CGI?CHANNEL=n&CMD1=VALUE1&CMD2
where n is the channel ID of the Video Server started from 1.The CHANNEL command must follow the account command or be the first command in the URL.
There are two levels of the URL in a QUAD or 2CH Encoder device. The first level is the global URL and the second level is the channel level URL. To identify the level of URL, the CHANNEL command is used. The global URL does not need to have CHANNEL command but the channel URL needs to use CHANNEL command.
Format of the global URL
http://ip:port/cgi-bin/CGI?USER=Admin&PWD=123456&CMD1=VALUE1&CMD2
or
http://ip:port/cgi-bin/cmd/CGI?CMD1=VALUE1&CMD2
where
CGI: the CGI program. It could be system or quad.Format of the channel URL
http://ip:port/cgi-bin/CGI?USER=Admin&PWD=123456&CHANNEL=n&CMD1=VALUE1&CMD2
or
http://ip:port/cgi-bin/cmd/CGI?CHANNEL=n&CMD1=VALUE1&CMD2
where n is the channel ID of the Video Server started from 1.The CHANNEL command must follow the account command or be the first command in the URL.
HOME