Koozali.org: home of the SME Server

SME 7.1.3 ; how to close ports 80 and 443 from WAN

damjan

« on: March 27, 2007, 02:54:17 PM »
Hi,

Since SME is being used primarily as a mail server and for web access from the LAN, I need to close ports 80 and 443 to the outside world (WAN).

Is there any simple way to do that?

Thank you

Damjan

Offline sgt-spam

« Reply #1 on: March 27, 2007, 03:26:28 PM »
I think you control that via the ibay settings.


[edit]
Well, for the non-Primary ibay anyway.

Could you just stop the services associated with each?

Offline bpivk

« Reply #2 on: March 27, 2007, 03:33:28 PM »
Quote
Could you just stop the services associated with each?

No. Well, you could, but he wants LAN access to his webpages, so this isn't what he wants.

Edit:
Nice to see a Slovenian user for a change. :) Best regards, Damjan.

This could do what you want:
For this example the service you have installed is called 'manta' and 'nnn' is the TCP port number that needs to be closed. Watch your capitalization with the command below:

Code:
config set manta service access public status disabled TCPPort nnn
For UDP services, use UDPPort instead of TCPPort. Note that you can also set restrictions with ~AllowHosts and ~DenyHosts:

Code:
config setprop manta ~AllowHosts 1.2.3.4,10.11.12.0/24
config setprop manta ~DenyHosts 16.17.18.18


and then
Code:
signal-event remoteaccess-update
"It should just work" if it doesn't report it. Thanks!

damjan

« Reply #3 on: March 27, 2007, 03:43:24 PM »
Hello to all.

Yes, I want to block WAN access to ports 80 and 443 to avoid access on primary i-bay with "This web site is under construction" content.

Since I don't need this anyway, I think I just raise the security of SME a little bit.

br
D

Offline bpivk

« Reply #4 on: March 27, 2007, 03:44:39 PM »
Damjan, see my edited post. And you can also contact me by mail or MSN and we can discuss this.

And you can always delete the content or write that the page doesn't exist.

damjan

« Reply #5 on: March 27, 2007, 03:47:47 PM »
Uf,

This forum is so alive that I got a solution while I was typing the post. :-)

Thank you very much for your answer, bpivk.

Best regards
Damjan

Offline bpivk

« Reply #6 on: March 27, 2007, 03:51:04 PM »
Quote
This forum is so alive that I got solution while I'm typing the post.

Yes, some of us almost live here.  :lol:

Another, simpler solution would be to implement a .htaccess file in each folder that you want to block.

Offline cool34000

« Reply #7 on: March 28, 2007, 12:37:37 AM »
Hi Slovenia :D

I think what you're looking for should be:
Code:
#config setprop httpd-e-smith access private
#config setprop modSSL access private
#signal-event remoteaccess-update
This will authorize web (80 and 443) only on your LAN... This also means that no websites will be accessible from outside (just checking!)

Then to view if all is ok, do a
Code:
#config show httpd-e-smith
and a
Code:
#config show modSSL

Replace 'private' by 'public' in 1st step to get back to normal...
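
The verification step from the post above, as an added example that is not part of the original post or of SME Server itself: a shell helper that reads `config show` output and reports whether the web services are still open to the WAN. The output layout (a `name=type` line followed by indented `property=value` lines), the sample text and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not SME Server code): audit the result of
# "config setprop <service> access private" from `config show` output.

# Constructed sample of `config show httpd-e-smith` output (assumed layout:
# a "name=type" line followed by indented "property=value" lines).
SAMPLE_SHOW='httpd-e-smith=service
    TCPPort=80
    access=public
    status=enabled'

# prop_of NAME: print the value of property NAME from `config show` text on stdin.
prop_of() {
    sed -n "s/^[[:space:]]*$1=//p" | head -n 1
}

# wan_state: read `config show` text on stdin; print closed, open or unknown.
wan_state() {
    shown=$(cat)
    access=$(printf '%s\n' "$shown" | prop_of access)
    status=$(printf '%s\n' "$shown" | prop_of status)
    if [ "$status" = "disabled" ]; then
        echo closed            # service is disabled
    elif [ "$access" = "private" ]; then
        echo closed            # LAN only, as set in the post above
    elif [ "$access" = "public" ]; then
        echo open              # still reachable from the WAN
    else
        echo unknown           # property missing: inspect by hand
    fi
}

# audit: check both web services; non-zero exit if either is not closed.
audit() {
    rc=0
    for svc in httpd-e-smith modSSL; do
        state=$(config show "$svc" 2>/dev/null | wan_state)
        echo "$svc: WAN access $state"
        [ "$state" = "closed" ] || rc=1
    done
    return $rc
}

# Run on the server as root with: sh thisfile --audit
if [ "${1:-}" = "--audit" ]; then audit; fi
```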

Offline CharlieBrady

« Reply #8 on: March 28, 2007, 05:54:47 AM »
Quote from: "bpivk"
Quote
This forum is so alive that I got solution while I'm typing the post.

Yes, some of us almost live here.  :lol:

Another and more simple solution would be by implementing a .htaccess file in each folder that you want to block.


No, that won't help - .htaccess files are ignored. Setting the access property to private is the best solution.

Offline bpivk

« Reply #9 on: March 28, 2007, 11:45:43 AM »
Quote
No, that won't help

Got it from another post, so I have never tried it.  :oops:

cool34000, yes, your method is even better, but I couldn't remember the proper command. :)