Difference between revisions of "Restrict admin access to LAN"
(Created page with 'Restrict admin access to LAN Author: snis<br> If you want to restrict your Bubba admin interface (http://bubba/admin) to you local LAN and not having it enabled on the WAN for ...') |
|||
Line 1: | Line 1: | ||
Restrict admin access to LAN | Restrict admin access to LAN | ||
Author: snis<br> | Author: snis<br> | ||
If you want to restrict your Bubba admin interface (http://bubba/admin) to you local LAN and not having it enabled on the WAN for the rest of the world to see, this guide might be for you. | If you want to restrict your Bubba admin interface (http://bubba/admin) to you local LAN and not having it enabled on the WAN for the rest of the world to see, this guide might be for you. | ||
Using ssh, log on to Bubba (as your regular user). To become root Type: | Using ssh, log on to Bubba (as your regular user). To become root Type: | ||
<pre>su -</pre> | <pre>su -</pre> | ||
And enter the password: | And enter the password: | ||
<pre>excito</pre> | <pre>excito</pre> | ||
If you haven't changed the default, that is. | If you haven't changed the default, that is. | ||
Edit your the admin part of the Apache config: | Edit your the admin part of the Apache config: | ||
<pre>nano /etc/apache2/conf.d/admin.conf</pre> | <pre>nano /etc/apache2/conf.d/admin.conf</pre> | ||
You will find the part <Directory /usr/share/web-admin/admin>, change it to: | |||
You will find the part <Directory /usr/share/web-admin/admin>, change it to: | |||
<pre><Directory /usr/share/web-admin/admin > | <pre><Directory /usr/share/web-admin/admin > | ||
AllowOverride None | AllowOverride None | ||
Line 24: | Line 22: | ||
AddHandler php-cgi .php | AddHandler php-cgi .php | ||
Action php-cgi /fcgi-bin/php.cgi virtual | Action php-cgi /fcgi-bin/php.cgi virtual | ||
</Directory></pre> | </Directory></pre> | ||
Observe that the network 192.168.10.0/24 should match the network you have on your LAN. If you are unsure can find it under: | Observe that the network 192.168.10.0/24 should match the network you have on your LAN. If you are unsure can find it under: | ||
<pre>http://bubba/admin/network/lan</pre> | <pre>http://bubba/admin/network/lan</pre> | ||
For example: your IP address is: 192.168.0.10 and your netmask is 255.255.255.0, then the Allow from should be: | For example: your IP address is: 192.168.0.10 and your netmask is 255.255.255.0, then the Allow from should be: | ||
<pre>Allow from 192.168.0.0/24</pre> | <pre>Allow from 192.168.0.0/24</pre> | ||
<br> After you have edited the file, you have to reload Apache to reflect the changes. Type the following: | |||
<pre>/etc/init.d/apache2 reload</pre> | |||
After you have edited the file, you have to reload Apache to reflect the changes. Type the following: | <br> Done!<br>This change will likely be overwritten and changed back to the defaults if you upgrade your Bubba<br> | ||
<pre> | |||
/etc/init.d/apache2 reload</pre> | |||
Done!<br>This change will likely be overwritten and changed back to the defaults if you upgrade your Bubba<br> |
Revision as of 10:52, 28 December 2010
Restrict admin access to LAN
Author: snis
If you want to restrict your Bubba admin interface (http://bubba/admin) to you local LAN and not having it enabled on the WAN for the rest of the world to see, this guide might be for you.
Using ssh, log on to Bubba (as your regular user). To become root Type:
su -
And enter the password:
excito
If you haven't changed the default, that is.
Edit your the admin part of the Apache config:
nano /etc/apache2/conf.d/admin.conf
You will find the part <Directory /usr/share/web-admin/admin>, change it to:
<Directory /usr/share/web-admin/admin > AllowOverride None Order Deny,Allow Deny from all Allow from 192.168.10.0/24 DirectoryIndex index.php AddHandler php-cgi .php Action php-cgi /fcgi-bin/php.cgi virtual </Directory>
Observe that the network 192.168.10.0/24 should match the network you have on your LAN. If you are unsure can find it under:
http://bubba/admin/network/lan
For example: your IP address is: 192.168.0.10 and your netmask is 255.255.255.0, then the Allow from should be:
Allow from 192.168.0.0/24
After you have edited the file, you have to reload Apache to reflect the changes. Type the following:
/etc/init.d/apache2 reload
Done!
This change will likely be overwritten and changed back to the defaults if you upgrade your Bubba