Welcome to Headwind MDM Q&A, where you can ask questions and receive answers from other members of the community.

Please do not post bug reports, missing feature requests, or demo inquiries. If you have such an inquiry, submit a contact form.

Restrict login page of MDM system to local lan only

0 votes
Hi,

I'm trying the consumer edition to run it with our samsung mobiles. The headwind server runns in a dmz where the ports 8443 (web via https) and 31.000 (MQTT) are redirected to the server. If I understand it correctly, the mobile phones need access via https, so I cannot block the port 8443. If it's open, the management interface is also exposed to the web. Is there any possibility to restrict the web management interface to local IP addresses only? A reverse proxy would be available (ha proxy), but I don't know how to set the rules to not desturb the mobile phone connections.

Thanks for your answers, I appreciate !
by (160 points)

1 Answer

+1 vote
 
Best answer

To restrict access to Headwind MDM from the Internet, please uncomment the following line in the Tomcat config file (/var/lib/tomcat9/conf/Catalina/localhost/ROOT.xml):

    <!-- IP filters for devices and web panel UI users, comma-separated networks or single IPs -->

    <!-- <Parameter name="device.allowed.address" value='192.168.0.0/16,10.0.0.0/24'/> -->

    <Parameter name="ui.allowed.address" value='192.168.0.0/16,10.0.0.0/24,213.11.0.3'/>

Your inquiry (web interface) is related to the ui.allowed.address parameter. Another parameter (device.allowed.address) could be used to restrict access to device REST API.

by (10.5k points)
selected by
exactly what I was looking for, thanks a lot!
by (160 points)
 | Snow Theme by Q2A Market
Powered by Question2Answer
...