Restrict admin access to LAN
Posted: 10 Sep 2009, 14:37
If you want to restrict your Bubba admin interface (http://bubba/admin) to you local LAN and not having it enabled on the WAN for the rest of the world to see, this guide might be for you.
Using ssh, log on to Bubba (as your regular user). To become root Type:
And enter the password:
If you haven't changed the default, that is.
Edit your the admin part of the Apache config:
You will find the part <Directory /usr/share/web-admin/admin>, change it to:
Observe that the network 192.168.10.0/24 should match the network you have on your LAN. If you are unsure can find it under:
For example: your IP address is: 192.168.0.10 and your netmask is 255.255.255.0, then the Allow from should be:
After you have edited the file, you have to reload Apache to reflect the changes. Type the following:
Done!
This change will likely be overwritten and changed back to the defaults if you upgrade your Bubba
If you have any better ways of doing this, please let me know..
Using ssh, log on to Bubba (as your regular user). To become root Type:
Code: Select all
su -
Code: Select all
excito
Edit your the admin part of the Apache config:
Code: Select all
nano /etc/apache2/conf.d/admin.conf
Code: Select all
<Directory /usr/share/web-admin/admin >
AllowOverride None
Order Deny,Allow
Deny from all
Allow from 192.168.10.0/24
DirectoryIndex index.php
AddHandler php-cgi .php
Action php-cgi /fcgi-bin/php.cgi virtual
</Directory>
Code: Select all
http://bubba/admin/network/lan
Code: Select all
Allow from 192.168.0.0/24
Code: Select all
/etc/init.d/apache2 reload
This change will likely be overwritten and changed back to the defaults if you upgrade your Bubba
If you have any better ways of doing this, please let me know..