Overview

The Hikvision DS-2CD3132-I is an embedded CCTV surveillance camera. It is entirely unsafe for it to have any Internet access, either inbound, or outbound. However, it is a solid device with good performance. In this example, we recommend putting the device on an isolated network segment, no inbound, no outbound connectivity. Straddling this segment place a machine running the Agilicus Connector, which makes an outbound connection to the Agilicus AnyX Cloud.

Configure the camera as an application as normal. However, the Hikvision has a limitation on the number of HTTP headers, breaking it with modern browsers. To solve this, we will use the Agilicus AnyX Web Application Firewall to remove unused headers. The specific headers I am removing include:

• Dnt
• Priority
• Sec-Ch-Ua
• Sec-Ch-Ua-Mobile
• Sec-Ch-Ua-Platform
• Sec-Fetch-Dest
• Sec-Fetch-Mode
• Sec-Fetch-Site
• Sec-Fetch-User
• Sec-Gpc
• Upgrade-Insecure-Requests
• X-Envoy-External-Address
• X-Forwarded-For
• X-Forwarded-Host
• X-Forwarded-Proto
• X-Request-Id