Prevent Web Configurator Login
-
Is it possible to turn off Web Configurator login capability for OpenVPN user accounts?
-
There are a few things you can do:
-
Go to System -> User Manager -> Groups tab, then you can configure the Assigned Privileges, which include access to the WebCfg pages
-
Create a deny rule on your openvpn tab for traffic destined for PFsense on port 80
-
Change the management port and don't give it out
-
-
-
Does not prevent account from WebConfigurator login. Just restricts access to WebConfigurator pages.
-
Only works for OpenVPN connection access.
-
Not difficult to find the changed and non disclosed WebConfigurator port.
-
-
Don't put them in any group that has rights, or no group at all.
-
- Does not prevent account from WebConfigurator login. Just restricts access to WebConfigurator pages.
Check cmb's post… that was exactly my point.... don't put them in group that has access.
- Only works for OpenVPN connection access.
You can put those rules on any interface.
- Not difficult to find the changed and non disclosed WebConfigurator port.
So, change it and install firewall rules to harden access. Not difficult to keep people out with firewall rules.