1 (edited by james.witterschein 2017-02-07 16:11:55)

Topic: How To Restrict Access to iRedAdmin?

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.6
- Linux/BSD distribution name and version: Ubuntu 16.04 Desktop
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Not Yet..But Soon smile
- Related log if you're reporting an issue:
====
Hi..

I'd like to restrict access to /iredadmin to only the iRedMail server and certain private IPs on the server network - and block access to /iredadmin from the outside world.  How do I do this?

Thank you very much.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: How To Restrict Access to iRedAdmin?

Method 1. Block incoming connection from the internet using firewall.
Method 2. .htaccess files

Order Deny,Allow
Deny from all
Allow from 192.168.0.
Allow from .localnet
Allow from admin.somewhere.in.the.net

3 (edited by james.witterschein 2017-02-07 21:45:20)

Re: How To Restrict Access to iRedAdmin?

primavero wrote:

Method 1. Block incoming connection from the internet using firewall.
Method 2. .htaccess files

Order Deny,Allow
Deny from all
Allow from 192.168.0.
Allow from .localnet
Allow from admin.somewhere.in.the.net

Thanks @ Primavero....I'll need to do some more reading on Ubuntu firewall, as I don't know how to block inbound access to /iredadmin, but still allow access to /mail...any suggestions?

4

Re: How To Restrict Access to iRedAdmin?

Unfortunately, there is no way to block access to only /iredadmin using firewall.

So you need to block it on webserver level - .htaccess or httpd conf (if you use Apache)

5

Re: How To Restrict Access to iRedAdmin?

james.witterschein wrote:

...as I don't know how to block inbound access to /iredadmin, but still allow access to /mail...any suggestions?

buy a iRedAdmin-Pro license ,you can setting :

/var/www/iredadmin/settings.py
# List of IP addresses which global admins are allowed to login from.
# e.g. ['127.0.0.1', '192.168.1.1']
# Valid formats:
#   - Single IP addess: 192.168.1.1
#   - IP range:         192.168.1.1-30
#   - Whole subnet:     192.168.1
#Pro-Version
#GLOBAL_ADMIN_IP_LIST = []
GLOBAL_ADMIN_IP_LIST = ['127.0.0.1','203.169.36.160','229.180.14.96']

PS:opensource iRedAdmin  cannot setting

6

Re: How To Restrict Access to iRedAdmin?

rain6966 wrote:
james.witterschein wrote:

...as I don't know how to block inbound access to /iredadmin, but still allow access to /mail...any suggestions?

buy a iRedAdmin-Pro license ,you can setting :

/var/www/iredadmin/settings.py
# List of IP addresses which global admins are allowed to login from.
# e.g. ['127.0.0.1', '192.168.1.1']
# Valid formats:
#   - Single IP addess: 192.168.1.1
#   - IP range:         192.168.1.1-30
#   - Whole subnet:     192.168.1
#Pro-Version
#GLOBAL_ADMIN_IP_LIST = []
GLOBAL_ADMIN_IP_LIST = ['127.0.0.1','203.169.36.160','229.180.14.96']

PS:opensource iRedAdmin  cannot setting


Thank you very much, Rain6966!!!  Purchasing an iRedAdmin Pro license is on the top of my list!

7

Re: How To Restrict Access to iRedAdmin?

Notes:

*) The restriction done in iRedAdmin-Pro just restricts global admin, not normal domain admin.
*) Another way is, as @primavero clearly mentioned, adding ACL in web server (both Apache and Nginx can do this).