Hello Qnap family,
I want to login in the admin centre by 1 IP only
Try to change the htaccess in "/home/httpd/html/Management" too
AuthName "Ipkg-Web: Admin Restricted Access"
AuthType Basic
AuthUserFile /mnt/HDA_ROOT/.config/shadow
AuthGroupFile /dev/null
DirectoryIndex package.cgi
<limit GET POST>
order deny,allow
deny from all
# whitelist Work IP address
allow from 81.64.193.100
require user admin
Options +ExecCGI
</Limit>
But its not working
I'm doing something wrong or I have the wrong htaccess
best regards
allow login by IP in htaccess
- schumaku
- Guru
- Posts: 43578
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: allow login by IP in htaccess
There is no admin centre, there is no support to limit access by IP to some functions (i.e. the Control Panel, Storage Manager, ...) up toe QTS 4.1, ... and last but not least there is no /home/httpd/html/Management on a current QNAP QTS 4.1 firmware, ... nothing the like is anywhere from being supported, any kind of access issues for using cloud functions can and will arise...
Beyond, on QTS 4 we have an Apache based proxy also serving the QTS desktop, the Web application server (thttpd) is not Apache, and gives a s**t about a .htaccess file, it's permitting a local access from the proxy only anyway.
Beyond, on QTS 4 we have an Apache based proxy also serving the QTS desktop, the Web application server (thttpd) is not Apache, and gives a s**t about a .htaccess file, it's permitting a local access from the proxy only anyway.
-
- Starting out
- Posts: 19
- Joined: Sat Oct 13, 2007 4:30 pm
Re: allow login by IP in htaccess
Hi schumaku
I also referred to the Control Panel "sorry".
My problem is that someone try for 14 days every half hour to login.
I have port 80 and 8080 closed, but keep trying and I need those ports for an external website .
I was hoping to solve this by htaccess and give only access to my own IP.
And I have a /home/httpd/html/Management on my Qnap
I also referred to the Control Panel "sorry".
My problem is that someone try for 14 days every half hour to login.
I have port 80 and 8080 closed, but keep trying and I need those ports for an external website .
I was hoping to solve this by htaccess and give only access to my own IP.
And I have a /home/httpd/html/Management on my Qnap
- schumaku
- Guru
- Posts: 43578
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: allow login by IP in htaccess
Only?!? That's not much. As soon as you open any door there will be many kind of testers, drones, previous users of the same IP address, ... attempting to break in. Control Panel -> Security -> Network Access Protection ... enable the http(s) blocking after some repeated access for a longer time.zeger wrote:My problem is that someone try for 14 days every half hour to login.
So and? 80 is for the Web server only (expect of the unlucky default index.php doing a redirect to the QTS desktop port configured), if you need 8080 for a Web site you have to free it up and use an alternate http port for the QTS http desktop access.zeger wrote:I have port 80 and 8080 closed, but keep trying and I need those ports for an external website .
Limiting tp one IP address will block many other services, Apps, ...zeger wrote:I was hoping to solve this by htaccess and give only access to my own IP.
NAS model, firmware, ...?zeger wrote:And I have a /home/httpd/html/Management on my Qnap
-
- Starting out
- Posts: 19
- Joined: Sat Oct 13, 2007 4:30 pm
Re: allow login by IP in htaccess
blocking after some repeated access for a longer time
Not possible, block = max 5 times in 30 min he comes max 2 times 30 min
Nas tell me he has ip 127.0.0.1 firewall tell me he comes with multiple.
80 is closed and change 8080
I have a TS 509 4.1.0 date 2014/06/12
and 1 question ..... where can I find the index.html that gave me access to the Control Panel
Thanks for your time and your help
Not possible, block = max 5 times in 30 min he comes max 2 times 30 min
Nas tell me he has ip 127.0.0.1 firewall tell me he comes with multiple.
80 is closed and change 8080
I have a TS 509 4.1.0 date 2014/06/12
and 1 question ..... where can I find the index.html that gave me access to the Control Panel
Thanks for your time and your help
- schumaku
- Guru
- Posts: 43578
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: allow login by IP in htaccess
The /home/httpd/html/ is unrelated to the QTS desktop - it's the Optware IPKG Web GUI :
[~] # ls -ls /home/httpd/
...
0 lrwxrwxrwx 1 admin administ 34 Jun 24 11:28 html -> /share/MD0_DATA/.qpkg/Optware/html/
...
[~] # ls -ls /home/httpd/
...
0 lrwxrwxrwx 1 admin administ 34 Jun 24 11:28 html -> /share/MD0_DATA/.qpkg/Optware/html/
...
That would be a very non-aggressive attack, less than 100 attempts in a day.zeger wrote:ot possible, block = max 5 times in 30 min he comes max 2 times 30 min
In the NAS System Logs -> System Connection Log? Afraid, I always see the effective source IP address - if the access is in http, capture it - probably it's a specific URL and the proxy does hide the effective IP. There is one thing wrong with the System Connection Log in my opinion - Accessed resource often says "Administration" - a historical QNAP definition... in reality, it's an attempt connecting to the QTS desktop, or a mobile application API. I'd like to post an attachment, but currently can't...zeger wrote:Nas tell me he has ip 127.0.0.1 firewall tell me he comes with multiple.
Lol - this is a complex Ajax application, not a index.html thingie...zeger wrote:where can I find the index.html that gave me access to the Control Panel