Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Restrict WebGUI (lighthttpd) to internal network interfaces

    Scheduled Pinned Locked Moved webGUI
    4 Posts 2 Posters 4.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      andrewinhawaii
      last edited by

      I would like to restrict lighthttpd to only my internal network, because I'd rather not have people on the web hacking into my config.  All it takes is:

      |                   | ```
       server.bind                = "internal.port.ip.address"

      
in **/var/etc/lighty-webConfigurator.conf**.  It would be nice to just add some check boxes for the _System : Advanced : Admin Access_ page - one for each configured interface.

The reason I don't just block port 80 (or whatever) is that I would like to serve a different page to the external interface.  In my application, it's very simple, just an HD webcam from my house.  Previously I ran two instances of _boa_, one for inside and one for outside.  Should I (a) use two instances of _lighthttpd_, (b) run one instance with two base pages, or © one _lighthttpd_ and one _boa_?  I think the answer is (b) but I'm having some difficulty groking: [How do I bind to more than one address?](http://redmine.lighttpd.net/projects/lighttpd/wiki/FrequentlyAskedQuestions#How-do-I-bind-to-more-than-one-address)

I'd appreciate any help please.

Thanks,

Andrew
      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        Usually I change pfsense web gui port on system -> advanced and protect it using firewall rules.

        keep in mind that default wan config does not allow any traffic from internet to wan interface.

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • A
          andrewinhawaii
          last edited by

          @marcelloc:

          Usually I change pfsense web gui port on system -> advanced and protect it using firewall rules.

          Well, yes, that's the port but not the interface.  By default, lighthttpd binds to all available interfaces.

          keep in mind that default wan config does not allow any traffic from internet to wan interface.

          Yes, the default configuration works very well at keeping the internet at bay from my network until I added some sensible rules.  However, I would like to present one set of web pages to the WAN interface and the WebGUI pages to the LAN interface.  The firewall rules are incapable of selecting for content.

          Andrew

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            You mean use pfsense as a web server?

            If so, there is a package for it.

            if you want to do it by Hand, change webgui port, create/copy lighthttp config and start it as a second web server.

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.