Disable FreePBX Admin Access Via Port 80

Alex Sage

https://community.freepbx.org/t/lets-encrypt-dns-challenge/39325/

NashBrydges

If this helps, this is what I see in the port management.

0_1537563100625_1acdcb85-567c-43b3-a36e-c4ea45f34eac-image.png

I can't block it at the firewall level since LE needs port 80. So if I can't close the port, would love to redirect the admin page. I suppose I could setup Nginx but would prefer not to have to do that.

JaredBusch

@nashbrydges said in Disable FreePBX Admin Access Via Port 80:

If this helps, this is what I see in the port management.

I can't block it at the firewall level since LE needs port 80. So if I can't close the port, would love to redirect the admin page. I suppose I could setup Nginx but would prefer not to have to do that.

Better question here is, why do you care?

ID will kill repeated attempts.

scottalanmiller

@jaredbusch said in Disable FreePBX Admin Access Via Port 80:

@nashbrydges said in Disable FreePBX Admin Access Via Port 80:

If this helps, this is what I see in the port management.

I can't block it at the firewall level since LE needs port 80. So if I can't close the port, would love to redirect the admin page. I suppose I could setup Nginx but would prefer not to have to do that.

Better question here is, why do you care?

ID will kill repeated attempts.

This is a good question. Port 80 being open isn't a risk as long as you know not to use it.

scottalanmiller

@nashbrydges said in Disable FreePBX Admin Access Via Port 80:

If this helps, this is what I see in the port management.

I can't block it at the firewall level since LE needs port 80. So if I can't close the port, would love to redirect the admin page. I suppose I could setup Nginx but would prefer not to have to do that.

You sure it does? Just specify to use 443 for LE.

NashBrydges

@jaredbusch said in Disable FreePBX Admin Access Via Port 80:

@nashbrydges said in Disable FreePBX Admin Access Via Port 80:

If this helps, this is what I see in the port management.

I can't block it at the firewall level since LE needs port 80. So if I can't close the port, would love to redirect the admin page. I suppose I could setup Nginx but would prefer not to have to do that.

Better question here is, why do you care?

ID will kill repeated attempts.

I would normally totally agree but my role was just to set it up. The client has onsite IT who aren't supposed to touch the FreePBX install but the client has to have the login/pwd for the instance and it's part of their IT inventory. I'm just trying to eliminate the idiot effect where someone, without thinking, just goes to the HTTP URL instead of HTTPS. If there was a redirect, I wouldn't have to worry.

The risk is low that someone will login except me, but still a risk and if it's one I can avoid, all the better.

JaredBusch

@scottalanmiller said in Disable FreePBX Admin Access Via Port 80:

@jaredbusch said in Disable FreePBX Admin Access Via Port 80:

@nashbrydges said in Disable FreePBX Admin Access Via Port 80:

If this helps, this is what I see in the port management.

I can't block it at the firewall level since LE needs port 80. So if I can't close the port, would love to redirect the admin page. I suppose I could setup Nginx but would prefer not to have to do that.

Better question here is, why do you care?

ID will kill repeated attempts.

This is a good question. Port 80 being open isn't a risk as long as you know not to use it.

Right, as long as YOU do not fuck up and go to the page via http instead of https there is no risk here because if you don't have web management set to Internet, an IP the is not already allowed cannot even get to the page.
0_1537564501883_e2565659-7588-4551-8b3e-e4bb24e6c6d7-image.png

NashBrydges

@jaredbusch Brilliant! I changed the HTTP service to reject and it automatically redirects to HTTPS. Didn't even think of this.

JaredBusch

@nashbrydges said in Disable FreePBX Admin Access Via Port 80:

@jaredbusch Brilliant! I changed the HTTP service to reject and it automatically redirects to HTTPS. Didn't even think of this.

No idea how LE works, but you'll find out in 60 days.

NashBrydges

@jaredbusch said in Disable FreePBX Admin Access Via Port 80:

@nashbrydges said in Disable FreePBX Admin Access Via Port 80:

@jaredbusch Brilliant! I changed the HTTP service to reject and it automatically redirects to HTTPS. Didn't even think of this.

No idea how LE works, but you'll find out in 60 days.

True enough. I'll leave this enabled and update if it caused any issues with LE.

0_1537564897693_3c91d974-c275-4ddd-a39e-2d8f5a265b23-image.png

JaredBusch

@nashbrydges said in Disable FreePBX Admin Access Via Port 80:

@jaredbusch said in Disable FreePBX Admin Access Via Port 80:

@nashbrydges said in Disable FreePBX Admin Access Via Port 80:

@jaredbusch Brilliant! I changed the HTTP service to reject and it automatically redirects to HTTPS. Didn't even think of this.

No idea how LE works, but you'll find out in 60 days.

True enough. I'll leave this enabled and update if it caused any issues with LE.

Disabled you mean?

NashBrydges

@jaredbusch said in Disable FreePBX Admin Access Via Port 80:

@nashbrydges said in Disable FreePBX Admin Access Via Port 80:

@jaredbusch said in Disable FreePBX Admin Access Via Port 80:

@nashbrydges said in Disable FreePBX Admin Access Via Port 80:

@jaredbusch Brilliant! I changed the HTTP service to reject and it automatically redirects to HTTPS. Didn't even think of this.

No idea how LE works, but you'll find out in 60 days.

True enough. I'll leave this enabled and update if it caused any issues with LE.

Disabled you mean?

Lol, yes.