Prevent Web Configurator Login



  • Is it possible to turn off Web Configurator login capability for OpenVPN user accounts?



  • There are a few things you can do:

    • Go to System -> User Manager -> Groups tab, then you can configure the Assigned Privileges, which include access to the WebCfg pages

    • Create a deny rule on your openvpn tab for traffic destined for PFsense on port 80

    • Change the management port and don't give it out



    1. Does not prevent account from WebConfigurator login.  Just restricts access to WebConfigurator pages.

    2. Only works for OpenVPN connection access.

    3. Not difficult to find the changed and non disclosed WebConfigurator port.



  • Don't put them in any group that has rights, or no group at all.



  • @NOYB:

    1. Does not prevent account from WebConfigurator login.  Just restricts access to WebConfigurator pages.

    Check cmb's post…  that was exactly my point.... don't put them in group that has access.

    1. Only works for OpenVPN connection access.

    You can put those rules on any interface.

    1. Not difficult to find the changed and non disclosed WebConfigurator port.

    So, change it and install firewall rules to harden access.  Not difficult to keep people out with firewall rules.


Log in to reply