{"id":2015,"date":"2017-01-01T15:18:15","date_gmt":"2017-01-01T13:18:15","guid":{"rendered":"http:\/\/saisa.eu\/blogs\/Guidance\/?p=2015"},"modified":"2018-05-07T23:21:26","modified_gmt":"2018-05-07T20:21:26","slug":"openwrt-an-alternative-for-improving-network-security-at-home-with-firewall-and-web-proxy","status":"publish","type":"post","link":"https:\/\/saisa.eu\/blogs\/Guidance\/?p=2015","title":{"rendered":"OpenWrt, an alternative for improving network security at home with firewall and web proxy"},"content":{"rendered":"<p><strong>Introduction<\/strong><\/p>\n<p><a href=\"https:\/\/openwrt.org\/\">OpenWrt<\/a> is a Linux distribution that can be loaded into many wireless routers by replacing the original firmware with OpenWrt firmware. The picture below shows 2 such routers, together with Raspberry Pi on the right for comparison.<\/p>\n<p><img loading=\"lazy\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2017\/01\/openwrt51.png\" alt=\"openwrt51\" width=\"550\" height=\"315\" \/><\/p>\n<p>My interest on Openwrt was to figure out if it can be used to provide better protection at home network. I also wanted to see that what traffic there really is, and how I can better control it.<\/p>\n<blockquote><p>Some history: I was not positively surprised when I realized that the USB device that I was using was automatically checking and downloading software update. I thought that installing the USB driver the first time was sufficient, since this USB device had nothing to do with networking. But no, without informing about it, it simply had been doing the automatic downloads until I happened to find it out.<\/p><\/blockquote>\n<p>From <a href=\"https:\/\/en.wikipedia.org\/wiki\/OpenWrt\">wikipedia<\/a>:<\/p>\n<blockquote><p>The project came into being because Linksys built the firmware for their WRT54G series of wireless routers from publicly available code licensed under the GPL. Using this code as a base and later as a reference, developers created a Linux distribution that offers many features not previously found in consumer-level routers. The code names of OpenWrt branches are named after alcoholic beverages&#8230;<\/p><\/blockquote>\n<p><strong>Openwrt software packages<\/strong><\/p>\n<p>These routers do not have much computing power but often by using Openwrt one can get more functionalities than by using the original firmware. There are several packages available in the <a href=\"https:\/\/downloads.openwrt.org\/chaos_calmer\/15.05.1\/\">download<\/a> area. But if one installs anything that is too heavy then there will be a downgrade on network performance.<\/p>\n<p>Some potentially useful features:<\/p>\n<ul>\n<li>filtering web proxy (Privoxy, tinyproxy)<\/li>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>also transparent proxy setup<\/li>\n<\/ul>\n<\/li>\n<li>firewall<\/li>\n<li>online USB storage<\/li>\n<li>wireless access for guests (guest WLAN)<\/li>\n<li><a href=\"https:\/\/en.wikipedia.org\/wiki\/Captive_portal\">captive portal<\/a><\/li>\n<li>bandwith monitoring<\/li>\n<li>port mirroring<\/li>\n<li>network troubleshooting<\/li>\n<li><a href=\"https:\/\/wiki.openwrt.org\/doc\/howto\/ddns.client\">dynamic DNS<\/a><\/li>\n<li><a href=\"https:\/\/wiki.openwrt.org\/doc\/howto\/vpn.openvpn\">openVPN<\/a><\/li>\n<li><a href=\"https:\/\/wiki.openwrt.org\/doc\/howto\/portknock.server\">port knocking<\/a><\/li>\n<li>IPset administration utility<\/li>\n<\/ul>\n<p>One might be able to operate and configure the router mostly via web. But the truth is that command line interface is often needed for detailed configurations and troubleshooting. For example, the original firmware would support the USB storages, but with Openwrt some operations on command line are needed in order to configure the USB storage devices. Needless to say that even though there is documentation, it is still difficult to find good instructions that work for you. This is due to so many different Openwrt software releases and hardware devices.<\/p>\n<p><strong>Summary of 2 different wireless routers<\/strong><\/p>\n<p>I have tested some Openwrt features on 2 different routers that supports Openwrt: Buffalo <a href=\"https:\/\/wiki.openwrt.org\/toh\/buffalo\/whr-hp-g300n\">WHR-HP-300N<\/a> and TP-link <a href=\"https:\/\/wiki.openwrt.org\/toh\/tp-link\/tl-wr1043nd\">TL-WR1043ND<\/a> . For other devices that support Openwrt, please see <a href=\"https:\/\/wiki.openwrt.org\/toh\/start\">the list<\/a>. The table below summarizes the result when focussing on controlling the network traffic better with firewall and with web proxy.<\/p>\n<table border=\"1\">\n<tbody>\n<tr>\n<th>Software<\/th>\n<th>WHR-HP-300N<\/th>\n<th>TL-WR1043ND<\/p>\n<p>(see recommended <a href=\"https:\/\/wiki.openwrt.org\/toh\/recommended_routers\">routers<\/a>)<\/th>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/wiki.openwrt.org\/doc\/uci\/firewall\">Firewall<\/a><\/td>\n<td>configured via web GUI<\/td>\n<td>configured via web GUI<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/wiki.openwrt.org\/doc\/howto\/proxy.overview\">web proxy<\/a> (<a href=\"https:\/\/wiki.openwrt.org\/doc\/howto\/proxy.tinyproxy\">tinyproxy<\/a>)<\/td>\n<td>installed via <a href=\"https:\/\/wiki.openwrt.org\/doc\/howto\/proxy.tinyproxy\">command line<\/a>, configured via web GUI.<\/td>\n<td>installed via <a href=\"https:\/\/wiki.openwrt.org\/doc\/howto\/proxy.tinyproxy\">command line<\/a>, configured via web GUI.<br \/>\nThis proxy works for both http and https.<br \/>\n(However, for https it does not show any good error page for rejected sites.)<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/wiki.openwrt.org\/doc\/howto\/usb.storage\">USB storage<\/a><\/td>\n<td>no USB<\/td>\n<td>following the instructions, USB storage is working.<br \/>\nOn client side one can use WinSCP with SCP protocol to access any file in router.<\/td>\n<\/tr>\n<tr>\n<td>Network monitoring<\/td>\n<td><a href=\"https:\/\/forum.openwrt.org\/viewtopic.php?id=28878\">port mirroring<\/a> was possible via <a href=\"https:\/\/wiki.openwrt.org\/inbox\/doc\/iptables_and_firewall\">iptables<\/a>.<br \/>\nIn this scenario, the traffic to certain IP address was copied into another IP address,<br \/>\nand it does not depend on which physical ports of the switch are used.<\/p>\n<p>There was no space to install tcpdump,<br \/>\nbut it was possible to run tcpdump without installation.<br \/>\nThere was space enough for libpcap installation after<br \/>\nwhich tcpdump was executed from the \/tmp area.<br \/>\nOne need to set the environment variables PATH<br \/>\nand LD_LIBRARY_PATH manually.<\/td>\n<td>port mirroring between <span style=\"text-decoration: underline;\">physical<\/span> ports was easily possible since it is supported by internal switch.<br \/>\n(See below about the chapter on port mirroring)<\/p>\n<p>iftop, command line tool, is working fine.<\/td>\n<\/tr>\n<tr>\n<td>command line (ssh)<\/td>\n<td>activated &amp; configured via GUI,<br \/>\nneed to add port forwarding if want to access it from wan side.<\/td>\n<td>activated &amp; configured via GUI,<br \/>\nneed to add port forwarding if want to access it from wan side.<\/td>\n<\/tr>\n<tr>\n<td>Openwrt installation<br \/>\nChaos Calmer 15.05<\/td>\n<td>via original web GUI<\/td>\n<td>via original web GUI<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/wiki.openwrt.org\/doc\/techref\/flash.layout\">Flash<\/a> memory<\/td>\n<td>4M<\/td>\n<td>8M<\/td>\n<\/tr>\n<tr>\n<td>RAM memory<\/td>\n<td>32M<\/td>\n<td>64M<\/td>\n<\/tr>\n<tr>\n<td>CPU<\/td>\n<td>Atheros <a href=\"https:\/\/wiki.openwrt.org\/toh\/views\/toh_dev_platforms?dataflt[Platform*~]=AR7240\">AR7240<\/a><\/p>\n<p>Target: ar71xx<br \/>\nInstruction Set: MIPS<\/td>\n<td>Atheros <a href=\"https:\/\/wiki.openwrt.org\/toh\/views\/toh_dev_platforms?dataflt[Platform*~]=QCA9558\">QCA9558<\/a><\/p>\n<p>Target: ar71xx<br \/>\nInstruction Set: MIPS<\/td>\n<\/tr>\n<tr>\n<td>internal switch<\/td>\n<td>Atheros AR7240<\/td>\n<td>Atheros AR8327N<br \/>\n<a href=\"https:\/\/wiki.openwrt.org\/toh\/tp-link\/tl-wr1043nd?datasrt=ram%20mb#switch_ports_for_vlans\">Note<\/a>:<br \/>\noutside LAN port 1 = internal switch port 4<br \/>\noutside LAN port 2 = internal switch port 3<br \/>\noutside LAN port 3 = internal switch port 2<br \/>\noutside LAN port 4 = internal switch port 1<\/td>\n<\/tr>\n<tr>\n<td>NW speed (MHz)<\/td>\n<td>10\/100<\/td>\n<td>10\/100\/1000<\/td>\n<\/tr>\n<tr>\n<td>WiFi chip<\/td>\n<td>Atheros AR9283<\/td>\n<td>Atheros QCA9558<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>TL-WR1043ND with firewall and web proxy<\/strong><\/p>\n<p>Before restricting the traffic with firewall, it is better to configure the proxy &#8220;<a href=\"https:\/\/wiki.openwrt.org\/oldwiki\/proxy.tinyproxy?s[]=transparent&amp;s[]=proxy\">tinyproxy<\/a>&#8221; and test that it is working. It is assumed that <a href=\"https:\/\/wiki.openwrt.org\/doc\/uci\/firewall?s[]=transparent&amp;s[]=proxy#transparent_proxy_rule_same_host\">transparent proxy<\/a> is not used, but proxy need to be configured manually at each client.<\/p>\n<p>The picture on the left below shows the configuration settings. These GUI menus were available after installation of tinyproxy, as there is specific GUI app for it. In this current setup, port 80 is used for the openwrt GUI and port 443 is used for the tinyproxy at the router. (The listen address could also be &#8220;192.168.1.1&#8221;, but then the tinyproxy statistics GUI did not work). The picture on the right shows the settings for the filtering. The file with filtering conditions, can be updated via GUI.<\/p>\n<p><a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2017\/01\/wr1043nd-003-tinyproxyconfig.png\"><img loading=\"lazy\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2017\/01\/wr1043nd-003-tinyproxyconfig-small.png\" alt=\"WR1043ND-003-tinyproxyconfig\" width=\"300\" height=\"421\" \/><\/a> <a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2017\/01\/wr1043nd-003-tinyproxyfiltering.png\"><img loading=\"lazy\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2017\/01\/wr1043nd-003-tinyproxyfiltering-small.png\" alt=\"WR1043ND-003-tinyproxyfiltering\" width=\"300\" height=\"250\" \/><\/a><\/p>\n<p>The picture below shows the status window.<\/p>\n<p><a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2017\/01\/wr1043nd-003-tinyproxystatus.png\"><img loading=\"lazy\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2017\/01\/wr1043nd-003-tinyproxystatus-small.png\" alt=\"WR1043ND-003-tinyproxystatus\" width=\"300\" height=\"181\" \/><\/a><\/p>\n<p>The URL traffic log is available at file &#8220;\/var\/log\/tinyproxy.log&#8221;. The &#8220;not allowed&#8221; traffic is visible in a line as &#8216;Proxying refused on filtered url &#8220;yyy&#8221;&#8216;. For http the full <a href=\"https:\/\/en.wikipedia.org\/wiki\/Uniform_Resource_Locator\">URL<\/a> is visible; for https only the protocol, hostname and port are visible, but not the path or file name.<\/p>\n<p>After web proxy was working, then next was the firewall configuration. Again this is possible and easier to do via web GUI. One can use command line to see the configuration &#8220;cat \/etc\/config\/firewall&#8221;.<\/p>\n<p><a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2017\/01\/wr1043nd-002-firewall-gui-console.png\"><img loading=\"lazy\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2017\/01\/wr1043nd-002-firewall-gui-console-small.png\" alt=\"WR1043ND-002-firewall-GUI-console\" width=\"300\" height=\"216\" \/><\/a><\/p>\n<p>The picture below shows the new firewall rules to deny traffic from lan to wan (rule &#8220;deny-nonproxy&#8221;), except from the web proxy (rule &#8220;allow-proxy&#8221;).<\/p>\n<p><a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2017\/01\/wr1043nd-002-firewall-rules-1.png\"><img loading=\"lazy\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2017\/01\/wr1043nd-002-firewall-rules-1-small.png\" alt=\"WR1043ND-002-firewall-rules\" width=\"300\" height=\"131\" \/><\/a><\/p>\n<p>The next picture shows &#8220;Firewall Zone settings: Enable logging on this zone&#8221;. This is needed in order to see what traffic does not go through the firewall. One can see the rejected traffic in the menu Status-&gt;System Log (or using &#8220;logread&#8221; via the command line).<\/p>\n<p><a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2017\/01\/wr1043nd-002-firewall-logging-1.png\"><img loading=\"lazy\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2017\/01\/wr1043nd-002-firewall-logging-1-small.png\" alt=\"WR1043ND-002-firewall-logging\" width=\"300\" height=\"189\" \/><\/a><\/p>\n<p>For existing connections, one can look at Status-&gt; Realtime Graphs-&gt;Connections.<\/p>\n<p>Other: The 2 figures below show the other real time graphics: traffic and load.<\/p>\n<p><a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2017\/01\/wr1043nd-002-realtime-traffic.png\"><img loading=\"lazy\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2017\/01\/wr1043nd-002-realtime-traffic-small.png\" alt=\"WR1043ND-002-realtime-traffic\" width=\"300\" height=\"217\" \/><\/a> <a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2017\/01\/wr1043nd-002-realtime-load.png\"><img loading=\"lazy\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2017\/01\/wr1043nd-002-realtime-load-small.png\" alt=\"WR1043ND-002-realtime-load\" width=\"300\" height=\"208\" \/><\/a><\/p>\n<p><strong>Other:<\/strong> <strong>Planning to test TL-WR1043ND with ipset<\/strong><\/p>\n<p>Big blacklists can effect the performance. Managing of firewall blacklists could be easier with <a href=\"https:\/\/wiki.openwrt.org\/doc\/howto\/netfilter#ipset\">ipset<\/a> (IPset administration utility). There are several source for blacklist. for example <a href=\"https:\/\/github.com\/kravietz\/blacklist-scripts\">here<\/a>, <a href=\"https:\/\/forum.openwrt.org\/viewtopic.php?id=56008\">here<\/a>, <a href=\"http:\/\/xmodulo.com\/block-unwanted-ip-addresses-linux.html\">here<\/a> and <a href=\"https:\/\/ipsec.pl\/openwrt\/2014\/effective-ip-blacklisting-openwrt.html\">here<\/a>. (There is also a list of <a href=\"http:\/\/www.nirsoft.net\/countryip\/index.html\">IP addresses by country<\/a>.)<\/p>\n<p><strong>Other: TL-WR1043ND with port mirroring<\/strong><\/p>\n<p>The instructions at the openwrt <a href=\"https:\/\/wiki.openwrt.org\/toh\/tp-link\/tl-wr1043nd?datasrt=ram%20mb#port_mirroring\">site<\/a> are showing configuration settings for <a href=\"https:\/\/en.wikipedia.org\/wiki\/Port_mirroring\">port mirroring<\/a>. This switch supports the port mirroring, and therefore there is no need to do this via iptables. However, it is possible to do this configuration also via web GUI. Please note that the internal switch port number and the outside LAN connectors are not the same. The figure below shows the networking <a href=\"https:\/\/wiki.openwrt.org\/toh\/tp-link\/tl-wr1043nd?datasrt=ram%20mb#switch_ports_for_vlans\">setup<\/a> of this wireless router. In order to see (and capture) the traffic in the monitor port, remember to put the network interface into <a href=\"https:\/\/en.wikipedia.org\/wiki\/Promiscuous_mode\">prosmicious mode<\/a> when using a tool like <a href=\"https:\/\/www.wireshark.org\/\">wireshark<\/a>.<\/p>\n<p><a href=\"https:\/\/wiki.openwrt.org\/toh\/tp-link\/tl-wr1043nd?datasrt=ram%20mb#switch_ports_for_vlans\"><img loading=\"lazy\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2017\/01\/wr1043nd-001.png\" alt=\"WR1043ND-001\" width=\"450\" height=\"248\" \/><\/a><\/p>\n<p>The picture below shows the port mirroring configuration in the web GUI, and the corresponding printout via command line &#8220;cat \/etc\/config\/network&#8221;. The traffic in the physical port 4 (LAN port 4) was copied into physical port 1, where a PC with wireshark was running.<\/p>\n<p><a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2017\/01\/wr1043nd-002-portmirrorring.png\"><img loading=\"lazy\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2017\/01\/wr1043nd-002-portmirrorring-small.png\" alt=\"WR1043ND-002-portmirrorring\" width=\"300\" height=\"251\" \/><\/a><\/p>\n<p><strong>Other: opkg package manager<\/strong><\/p>\n<p>Installations can easily be done via command line, thanks to <a href=\"https:\/\/wiki.openwrt.org\/doc\/techref\/opkg\">opkg<\/a>. If the space is runned out while installation, then one need to clean up manually. Here below are some opkg commands to show details about <a href=\"https:\/\/wiki.openwrt.org\/doc\/howto\/bwmon?s[]=iftop#using_iftop\">iftop<\/a> package. Since the actual firmware area is read-only, the actual location of the file is in \/overlay&#8230;<\/p>\n<div style=\"overflow: auto; height: 430px; width: 600px;\">\n<pre>root@OpenWrt:~# opkg info iftop\r\nPackage: iftop\r\nVersion: 1.0pre2-1\r\nDepends: libc, libpcap, libncurses, libpthread\r\nStatus: install user installed\r\nArchitecture: ar71xx\r\nInstalled-Time: 1483024587\r\nroot@OpenWrt:~# opkg status iftop\r\nPackage: iftopVersion: 1.0pre2-1\r\nDepends: libc, libpcap, libncurses, libpthread\r\nStatus: install user installed\r\nArchitecture: ar71xx\r\nInstalled-Time: 1483024587\r\nroot@OpenWrt:~# opkg files iftop\r\nPackage iftop (1.0pre2-1) is installed on root and has the following files:\r\n\/usr\/bin\/iftop\r\nroot@OpenWrt:~# ls -la \/usr\/bin\/iftop\r\n-rwxr-xr-x 1 root root 33640 Jan 31 2016 \/usr\/bin\/iftop\r\nroot@OpenWrt:~# ls -la \/overlay\/upper\/usr\/bin\/iftop\r\n-rwxr-xr-x 1 root root 33640 Jan 31 2016 \/overlay\/upper\/usr\/bin\/iftop<\/pre>\n<\/div>\n<p>&nbsp;<\/p>\n<p><strong>Other: additional statistics<\/strong><\/p>\n<p>One can get more statistics on openwrt GUI with additional packages, see <a href=\"https:\/\/wiki.openwrt.org\/doc\/howto\/statistical.data.overview\">Statistical Data Overview<\/a> and <a href=\"https:\/\/wiki.openwrt.org\/doc\/howto\/luci_app_statistics\">luci-app-statistics<\/a>.<\/p>\n<p>It is possible to send all the different logs via syslog or syslog-ng into another host for even better analysis&#8230;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>WHR-HP-300N<\/strong><\/p>\n<p>This router has much less space for installing additional packages.<\/p>\n<div style=\"overflow: auto; height: 430px; width: 600px;\">\n<pre>root@OpenWrt:~# cat \/proc\/cpuinfo\r\nsystem type             : Atheros AR7240 rev 2\r\nmachine                 : Buffalo WHR-HP-G300N\r\nprocessor               : 0\r\ncpu model               : MIPS 24Kc V7.4\r\nBogoMIPS                : 265.42\r\nwait instruction        : yes\r\nmicrosecond timers      : yes\r\ntlb_entries             : 16\r\nextra interrupt vector  : yes\r\nhardware watchpoint     : yes, count: 4, address\/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]\r\nisa                     : mips1 mips2 mips32r1 mips32r2\r\nASEs implemented        : mips16\r\nshadow register sets    : 1\r\nkscratch registers      : 0\r\npackage                 : 0\r\ncore                    : 0\r\nVCED exceptions         : not available\r\nVCEI exceptions         : not available\r\nroot@OpenWrt:~# df -h\r\nFilesystem                Size      Used Available Use% Mounted on\r\nrootfs                  448.0K    252.0K    196.0K  56% \/\r\n\/dev\/root                 2.3M      2.3M         0 100% \/rom\r\ntmpfs                    14.0M    492.0K     13.6M   3% \/tmp\r\n\/dev\/mtdblock5          448.0K    252.0K    196.0K  56% \/overlay\r\noverlayfs:\/overlay      448.0K    252.0K    196.0K  56% \/\r\ntmpfs                   512.0K         0    512.0K   0% \/dev<\/pre>\n<\/div>\n<p><b>VPNs and WRT<\/b><br \/>\nBoth OpenWrt and DD-Wrt other usefull security related features. For a VPN related comparison, one could look <a href=\"https:\/\/www.comparitech.com\/blog\/vpn-privacy\/best-vpn-dd-wrt-router\/\">comparison of VPNs on DD-Wrt<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction OpenWrt is a Linux distribution that can be loaded into many wireless routers by replacing the original firmware with OpenWrt firmware. The picture below shows 2 such routers, together with Raspberry Pi on the right for comparison. My interest &hellip; <a href=\"https:\/\/saisa.eu\/blogs\/Guidance\/?p=2015\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[17,62,68,74,34,80,21,6,44,10,7,20],"tags":[],"_links":{"self":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/2015"}],"collection":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2015"}],"version-history":[{"count":4,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/2015\/revisions"}],"predecessor-version":[{"id":2138,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/2015\/revisions\/2138"}],"wp:attachment":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2015"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2015"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2015"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}