[SOLVED] Disable web access on internet facing IPs

[wbk]

Hi all,

I have an external PBX for remote backup. At the moment the web interface is accessible via the Internet.

I have SSH access via public key for root and disabled password access. Of course root now can not log in via the web interface, which is the way I like it as long it is on the public internet.

How can I prevent the web interface from being accessible on public IPs, and instead making it available over VPN? I was not able to find an earlier question with keywords that came to mind.

 

[Chris]

Hi all,

I have an external PBX for remote backup. At the moment the web interface is accessible via the Internet.

I have SSH access via public key for root and disabled password access. Of course root now can not log in via the web interface, which is the way I like it as long it is on the public internet.

How can I prevent the web interface from being accessible on public IPs, and instead making it available over VPN? I was not able to find an earlier question with keywords that came to mind.

Hi,
you can set up a firewall rule which drops/rejects incoming traffic to the PBS proxy listening on port 8007 from all non-local networks (as of writing you will have to do this via cli).
Note that this will however also block traffic to the API, so your clients must connect over VPN as well to perform backups. If you only pull the contents from another PBS instance via a sync job, this limitation does not apply.

 

[wbk]

Hi Chris,

Thank you, this solution will do!