• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Restrict WebGUI (lighthttpd) to internal network interfaces

Scheduled Pinned Locked Moved webGUI
4 Posts 2 Posters 4.5k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    andrewinhawaii
    last edited by Mar 18, 2012, 6:36 AM Mar 17, 2012, 10:16 AM

    I would like to restrict lighthttpd to only my internal network, because I'd rather not have people on the web hacking into my config.  All it takes is:

    |                   | ```
     server.bind                = "internal.port.ip.address"

    
in **/var/etc/lighty-webConfigurator.conf**.  It would be nice to just add some check boxes for the _System : Advanced : Admin Access_ page - one for each configured interface.

The reason I don't just block port 80 (or whatever) is that I would like to serve a different page to the external interface.  In my application, it's very simple, just an HD webcam from my house.  Previously I ran two instances of _boa_, one for inside and one for outside.  Should I (a) use two instances of _lighthttpd_, (b) run one instance with two base pages, or © one _lighthttpd_ and one _boa_?  I think the answer is (b) but I'm having some difficulty groking: [How do I bind to more than one address?](http://redmine.lighttpd.net/projects/lighttpd/wiki/FrequentlyAskedQuestions#How-do-I-bind-to-more-than-one-address)

I'd appreciate any help please.

Thanks,

Andrew
    1 Reply Last reply Reply Quote 0
    • M
      marcelloc
      last edited by Mar 18, 2012, 1:07 PM

      Usually I change pfsense web gui port on system -> advanced and protect it using firewall rules.

      keep in mind that default wan config does not allow any traffic from internet to wan interface.

      Treinamentos de Elite: http://sys-squad.com

      Help a community developer! ;D

      1 Reply Last reply Reply Quote 0
      • A
        andrewinhawaii
        last edited by Mar 18, 2012, 5:44 PM

        @marcelloc:

        Usually I change pfsense web gui port on system -> advanced and protect it using firewall rules.

        Well, yes, that's the port but not the interface.  By default, lighthttpd binds to all available interfaces.

        keep in mind that default wan config does not allow any traffic from internet to wan interface.

        Yes, the default configuration works very well at keeping the internet at bay from my network until I added some sensible rules.  However, I would like to present one set of web pages to the WAN interface and the WebGUI pages to the LAN interface.  The firewall rules are incapable of selecting for content.

        Andrew

        1 Reply Last reply Reply Quote 0
        • M
          marcelloc
          last edited by Mar 18, 2012, 6:03 PM

          You mean use pfsense as a web server?

          If so, there is a package for it.

          if you want to do it by Hand, change webgui port, create/copy lighthttp config and start it as a second web server.

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

          1 Reply Last reply Reply Quote 0
          4 out of 4
          • First post
            4/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received