captive portal v2: Captive portal and Admin UI on the same ports is problematic but inevitable for now

diladele / websafety

Simple and powerful web filter for HTTP and HTTPS traffic

https://www.diladele.com

243 stars 24 forks source link

captive portal v2: Captive portal and Admin UI on the same ports is problematic but inevitable for now #1993

Open ra-at-diladele-com opened 1 year ago

ra-at-diladele-com commented 1 year ago

The captive portal functionality now lives in /portal url in the same Admin UI of Web Safety. If we deploy proxy in Microsoft Azure we typically would like to limit the incoming connections to Admin UI to public IP of the admin workstation.

But if we do that and later enable Captive Portal - access to Captive Portal will also be blocked by the firewall.

ra-at-diladele-com commented 1 year ago

We need to somehow run the Captive Portal UI on different port maybe?

ra-at-diladele-com commented 1 year ago

Add the following to /etc/apache2/sites-enabled/websafety.conf. It would restrict access to any location other than /portal to all IP addresses but 1.2.3.4 (your admin workstation IP).

# only allow connections to *not* /portal for the specific IP
<Location ~ "^/(?!portal)">
        Order deny,allow
        Deny from all
        Allow from 1.2.3.4
</Location>

ra-at-diladele-com commented 1 year ago

In future a good idea is to separate the Captive Portal UI and Admin UI - this must be done for the Cloud Proxy project to be able to have Captive Portal too.