allow login by IP in htaccess

[zeger]

Hello Qnap family,

I want to login in the admin centre by 1 IP only

Try to change the htaccess in "/home/httpd/html/Management" too

AuthName "Ipkg-Web: Admin Restricted Access"
AuthType Basic
AuthUserFile /mnt/HDA_ROOT/.config/shadow
AuthGroupFile /dev/null
DirectoryIndex package.cgi
<limit GET POST>

order deny,allow
deny from all
# whitelist Work IP address
allow from 81.64.193.100

require user admin
Options +ExecCGI
</Limit>

But its not working
I'm doing something wrong or I have the wrong htaccess

best regards

[schumaku]

There is no admin centre, there is no support to limit access by IP to some functions (i.e. the Control Panel, Storage Manager, ...) up toe QTS 4.1, ... and last but not least there is no /home/httpd/html/Management on a current QNAP QTS 4.1 firmware, ... nothing the like is anywhere from being supported, any kind of access issues for using cloud functions can and will arise...

Beyond, on QTS 4 we have an Apache based proxy also serving the QTS desktop, the Web application server (thttpd) is not Apache, and gives a s**t about a .htaccess file, it's permitting a local access from the proxy only anyway.

[zeger]

Hi schumaku

I also referred to the Control Panel "sorry".
My problem is that someone try for 14 days every half hour to login.
I have port 80 and 8080 closed, but keep trying and I need those ports for an external website .
I was hoping to solve this by htaccess and give only access to my own IP.
And I have a /home/httpd/html/Management on my Qnap

[schumaku]

My problem is that someone try for 14 days every half hour to login.

Only?!? That's not much. As soon as you open any door there will be many kind of testers, drones, previous users of the same IP address, ... attempting to break in. Control Panel -> Security -> Network Access Protection ... enable the http(s) blocking after some repeated access for a longer time.

I have port 80 and 8080 closed, but keep trying and I need those ports for an external website .

So and? 80 is for the Web server only (expect of the unlucky default index.php doing a redirect to the QTS desktop port configured), if you need 8080 for a Web site you have to free it up and use an alternate http port for the QTS http desktop access.

I was hoping to solve this by htaccess and give only access to my own IP.

Limiting tp one IP address will block many other services, Apps, ...

And I have a /home/httpd/html/Management on my Qnap

NAS model, firmware, ...?

[zeger]

blocking after some repeated access for a longer time
Not possible, block = max 5 times in 30 min he comes max 2 times 30 min
Nas tell me he has ip 127.0.0.1 firewall tell me he comes with multiple.

80 is closed and change 8080

I have a TS 509 4.1.0 date 2014/06/12

and 1 question ..... where can I find the index.html that gave me access to the Control Panel

Thanks for your time and your help

[schumaku]

The /home/httpd/html/ is unrelated to the QTS desktop - it's the Optware IPKG Web GUI :

[~] # ls -ls /home/httpd/
...
0 lrwxrwxrwx 1 admin administ 34 Jun 24 11:28 html -> /share/MD0_DATA/.qpkg/Optware/html/
...

ot possible, block = max 5 times in 30 min he comes max 2 times 30 min

That would be a very non-aggressive attack, less than 100 attempts in a day.

Nas tell me he has ip 127.0.0.1 firewall tell me he comes with multiple.

In the NAS System Logs -> System Connection Log? Afraid, I always see the effective source IP address - if the access is in http, capture it - probably it's a specific URL and the proxy does hide the effective IP. There is one thing wrong with the System Connection Log in my opinion - Accessed resource often says "Administration" - a historical QNAP definition... in reality, it's an attempt connecting to the QTS desktop, or a mobile application API. I'd like to post an attachment, but currently can't...

where can I find the index.html that gave me access to the Control Panel

Lol - this is a complex Ajax application, not a index.html thingie...