RyonM 0 Posted February 16, 2018 Posted February 16, 2018 (edited) Hello, I'm hosting my Emby server through Cloudflare which is connected to my router. With that I got https and my IP is hidden when I use ping. But is there a possibility that you can blacklist direct IP connections like 94.***.***.* through Emby. So that I only am able to use my Cloudflare domain. And not my router IP. Kind Regards, Ryon Edited February 16, 2018 by RyonM
mastrmind11 717 Posted February 16, 2018 Posted February 16, 2018 Hello, I'm hosting my Emby server through Cloudflare which is connected to my router. With that I got https and my IP is hidden when I use ping. But is there a possibility that you can blacklist direct IP connections like 94.***.***.* through Emby. So that I only am able to use my Cloudflare domain. And not my router IP. Kind Regards, Ryon Not through Emby, no, but might be something you can manage at the router level.
RyonM 0 Posted February 16, 2018 Author Posted February 16, 2018 Not through Emby, no, but might be something you can manage at the router level. I did not find that option in my router settings. And my router has lots of settings. I tried URL blocking but that did not work.
Tur0k 143 Posted February 16, 2018 Posted February 16, 2018 I don’t think this is possible in the Emby app. If you have a highly configurable firewall (PFSense, opnsense, tomato, DD-WRT, open-wet, Merlin) you should be able to create a firewall rule that only allows inbound requests to your Emby port (8096 (http) or 8920 (https) from a specific public IP or subnet. Alternately, you could setup a reverse proxy at home and set it up functionally in between your home firewall and Emby server. Then you could setup ACL rules that would be designed with a condition of ip source is: 94.#.#.#. Then forward the traffic to your Emby web front end. Lastly, you might be able to setup fail2ban (Linux) or wail2ban (windows) to do a whitelist only. Sent from my iPhone using Tapatalk
Luke 38528 Posted March 29, 2018 Posted March 29, 2018 This may help with fail2ban: https://emby.media/community/index.php?/topic/57525-33111-log-file-rotation
Swynol 375 Posted March 30, 2018 Posted March 30, 2018 i do this with NGINX reverse proxy. i blacklist a large range of IPs. alternatively you can whitelist 'Trusted' IPs
RyonM 0 Posted March 30, 2018 Author Posted March 30, 2018 I fixed it with using IIS with a reverse proxy and some url rewriting. So direct ip gets redirected to a 403 forbidden page and only my domain url works. Since im using cloudflare my ip is also hidden when i am pinging my website. I am doing al this since movie uploading and all is illegal. And if someone like the goverment is typing in my IP. And they are getting in emby. I'm not really sure if they like that Only now the only problem is, is to get ssl to work. I'm now using flexible ssl from cloudflare. Because if I do a custom certificate or full SSL. Im also somehow redirected to a 403 page.
pir8radio 1301 Posted March 30, 2018 Posted March 30, 2018 I fixed it with using IIS with a reverse proxy and some url rewriting. So direct ip gets redirected to a 403 forbidden page and only my domain url works. Since im using cloudflare my ip is also hidden when i am pinging my website. I am doing al this since movie uploading and all is illegal. And if someone like the goverment is typing in my IP. And they are getting in emby. I'm not really sure if they like that Only now the only problem is, is to get ssl to work. I'm now using flexible ssl from cloudflare. Because if I do a custom certificate or full SSL. Im also somehow redirected to a 403 page. Are you sure your IP is actually hidden? what happens if you go to https://yourdomain.com/emby/system/info/public/
RyonM 0 Posted March 30, 2018 Author Posted March 30, 2018 (edited) {"LocalAddress":"http://192.168.0.107:8096","WanAddress":"http://*****.ga:8096","ServerName":"DESKTOP-S4ROP1M","Version":"3.3.1.0","OperatingSystem":"Windows","Id":"******"} It shows this I am not sure what that Windows Id is Edited March 30, 2018 by RyonM
pir8radio 1301 Posted March 30, 2018 Posted March 30, 2018 {"LocalAddress":"http://192.168.0.107:8096","WanAddress":"http://*****.ga:8096","ServerName":"DESKTOP-S4ROP1M","Version":"3.3.1.0","OperatingSystem":"Windows","Id":"******"} It shows this I am not sure what that Windows Id is Ok good it looks like you have things setup in emby correctly so you don't leak your wan address... good work!
pir8radio 1301 Posted March 31, 2018 Posted March 31, 2018 {"LocalAddress":"http://192.168.0.107:8096","WanAddress":"http://*****.ga:8096","ServerName":"DESKTOP-S4ROP1M","Version":"3.3.1.0","OperatingSystem":"Windows","Id":"******"} It shows this I am not sure what that Windows Id is I didnt answer your last question, WIndows is what emby sees as the operating system, the "ID" is the info emby connect uses to identify your server.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now