hi all,
is it possible to restrict the access to public invocation urls of luci-app-commands to certain src ips?
Hi,
no - this is not implemented. You could use firewall rules to limit access.
1 Like
but how to restrict access to certain urls using firewall rules? I dont want to block http on router ip adress (would block access to routers openwrt luci web gui)
what exaclty do you want to block ?
I want to block all except one src ip. only this src ip shall be able to invoke an http command of luci-app-commands
Apply iptable rules
1st rule to allow this source IP and destination IP of luci
2 nd rule all IP to destination IP of luci as drop rule
but the access to the general openwrt luci web ui shall not be restricted. the blocking shall only apply to the public invocation urls of luci-app-commands.
Sry if I am wrong . Wait I ll read about that give 5 mins
sry i am now reading about this module
i guess this is only possible by implementing a src ip filter feature to luci-app-commands. imho it is an important security option for the public invocation urls.
is the developer here and can reply if this is possible to implement? would be great!
I recommend that you create a topic in the For Developers section if this is a feature that you desire.
Or the Developers mailing list.
Let's just move the thread there
1 Like