[SOLVED] Disable http access to LuCi

Hallodry · June 28, 2022, 5:23pm

Hi there.

I want my openwrt router to be hardened so that only connections via ssh tunnel with public key are possible. This connection works fine but now I noticed that the http connection directly to the router's IP is still possible. How do I switch that off?

Thanks

lleachii · June 28, 2022, 5:39pm

Disable the web service (uhttpd); or
Make uhttpd only listen only on loopback

shdf · June 28, 2022, 7:29pm

uninstall luci ?

jow · June 29, 2022, 10:23am

The statement

implies to me that access to the web interface is still desired (via SSH tunneling).

The solution for this would be binding uhttpd to localhost only, as suggsted by @lleachii .

uci set uhttpd.main.listen_http='127.0.0.1:80'
uci set uhttpd.main.listen_https='127.0.0.1:443'
uci commit uhttpd
service uhttpd restart

Hallodry · June 29, 2022, 12:12pm

Hi @lleachii & @jow,

after your first remarks I already had a look at my uhttpd configuration and I have seen the properties you are referring to. I performed the changes and now the access is blocked directly using the url. Thanks a lot!

lleachii · June 29, 2022, 12:13pm

Glad you got it fixed. If your issue is resolved, see: How to mark a topic as [Solved]

system · July 9, 2022, 12:13pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.