Restrict WebGUI (lighttpd) to internal network interfaces



  • I would like to restrict lighttpd to only my internal network, because I'd rather not have people on the web hacking into my config. All it takes is:

    ```
    server.bind                = "internal.port.ip.address"
    ```
    
    in **/var/etc/lighty-webConfigurator.conf**.  It would be nice to just add some check boxes for the _System : Advanced : Admin Access_ page - one for each configured interface.
    
    The reason I don't just block port 80 (or whatever) is that I would like to serve a different page to the external interface.  In my application, it's very simple, just an HD webcam from my house.  Previously I ran two instances of _boa_, one for inside and one for outside.  Should I (a) use two instances of _lighttpd_, (b) run one instance with two base pages, or (c) one _lighttpd_ and one _boa_?  I think the answer is (b) but I'm having some difficulty grokking: [How do I bind to more than one address?](http://redmine.lighttpd.net/projects/lighttpd/wiki/FrequentlyAskedQuestions#How-do-I-bind-to-more-than-one-address)
    
    I'd appreciate any help please.
    
    Thanks,
    
    Andrew


  • Usually I change pfSense web gui port on system -> advanced and protect it using firewall rules.

    Keep in mind that default wan config does not allow any traffic from internet to wan interface.



  • @marcelloc:

    > Usually I change pfSense web gui port on system -> advanced and protect it using firewall rules.

    Well, yes, that's the port but not the interface.  By default, lighttpd binds to all available interfaces.

    > Keep in mind that default wan config does not allow any traffic from internet to wan interface.

    Yes, the default configuration works very well at keeping the internet at bay from my network until I added some sensible rules.  However, I would like to present one set of web pages to the WAN interface and the WebGUI pages to the LAN interface.  The firewall rules are incapable of selecting for content.

    Andrew



  • You mean use pfSense as a web server?

    If so, there is a package for it.

    If you want to do it by hand, change the webgui port, create/copy a lighttpd config and start it as a second web server.
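
Option (b) from the first post, one lighttpd instance with two base pages, sketched as an added example that is not part of the thread or of pfSense's own configuration. The addresses, ports and document roots are placeholders (203.0.113.10 is a documentation address), and the second root is hypothetical.

```lighttpd
# Added example: placeholder addresses, ports and paths throughout.

# Before: no server.bind is set, so lighttpd listens on every
# interface and only the firewall rules keep the WebGUI off the WAN.
#
#   server.port = 80

# After: the main listener (the WebGUI) is bound to the LAN address only.
server.bind          = "192.168.1.1"       # assumed LAN interface address
server.port          = 80
server.document-root = "/usr/local/www"    # assumed WebGUI document root

# A second listening socket on the WAN address. Settings inside this
# block apply only to requests that arrive on that socket, so external
# clients get a different base page from the same lighttpd instance.
$SERVER["socket"] == "203.0.113.10:8080" { # assumed WAN address and port
    server.document-root = "/usr/local/www-webcam"   # hypothetical public root

    # Global settings (script handlers, authentication, aliases) are
    # inherited by this block unless overridden here, so review them
    # before exposing the socket.
}
```

`lighttpd -t -f <config file>` checks the syntax before a restart, and on pfSense (FreeBSD) `sockstat -4 -l` shows which addresses the running server is actually listening on.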

