RyonM 0 Posted February 16, 2018 Share Posted February 16, 2018 (edited) Hello, I'm hosting my Emby server through Cloudflare which is connected to my router. With that I got https and my IP is hidden when I use ping. But is there a possibility that you can blacklist direct IP connections like 94.***.***.* through Emby. So that I only am able to use my Cloudflare domain. And not my router IP. Kind Regards, Ryon Edited February 16, 2018 by RyonM Link to comment Share on other sites More sharing options...
mastrmind11 717 Posted February 16, 2018 Share Posted February 16, 2018 Hello, I'm hosting my Emby server through Cloudflare which is connected to my router. With that I got https and my IP is hidden when I use ping. But is there a possibility that you can blacklist direct IP connections like 94.***.***.* through Emby. So that I only am able to use my Cloudflare domain. And not my router IP. Kind Regards, Ryon Not through Emby, no, but might be something you can manage at the router level. Link to comment Share on other sites More sharing options...
RyonM 0 Posted February 16, 2018 Author Share Posted February 16, 2018 Not through Emby, no, but might be something you can manage at the router level. I did not find that option in my router settings. And my router has lots of settings. I tried URL blocking but that did not work. Link to comment Share on other sites More sharing options...
Tur0k 143 Posted February 16, 2018 Share Posted February 16, 2018 I don’t think this is possible in the Emby app. If you have a highly configurable firewall (PFSense, opnsense, tomato, DD-WRT, open-wet, Merlin) you should be able to create a firewall rule that only allows inbound requests to your Emby port (8096 (http) or 8920 (https) from a specific public IP or subnet. Alternately, you could setup a reverse proxy at home and set it up functionally in between your home firewall and Emby server. Then you could setup ACL rules that would be designed with a condition of ip source is: 94.#.#.#. Then forward the traffic to your Emby web front end. Lastly, you might be able to setup fail2ban (Linux) or wail2ban (windows) to do a whitelist only. Sent from my iPhone using Tapatalk Link to comment Share on other sites More sharing options...
Luke 37009 Posted March 29, 2018 Share Posted March 29, 2018 This may help with fail2ban: https://emby.media/community/index.php?/topic/57525-33111-log-file-rotation Link to comment Share on other sites More sharing options...
Swynol 375 Posted March 30, 2018 Share Posted March 30, 2018 i do this with NGINX reverse proxy. i blacklist a large range of IPs. alternatively you can whitelist 'Trusted' IPs Link to comment Share on other sites More sharing options...
RyonM 0 Posted March 30, 2018 Author Share Posted March 30, 2018 I fixed it with using IIS with a reverse proxy and some url rewriting. So direct ip gets redirected to a 403 forbidden page and only my domain url works. Since im using cloudflare my ip is also hidden when i am pinging my website. I am doing al this since movie uploading and all is illegal. And if someone like the goverment is typing in my IP. And they are getting in emby. I'm not really sure if they like that Only now the only problem is, is to get ssl to work. I'm now using flexible ssl from cloudflare. Because if I do a custom certificate or full SSL. Im also somehow redirected to a 403 page. Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted March 30, 2018 Share Posted March 30, 2018 I fixed it with using IIS with a reverse proxy and some url rewriting. So direct ip gets redirected to a 403 forbidden page and only my domain url works. Since im using cloudflare my ip is also hidden when i am pinging my website. I am doing al this since movie uploading and all is illegal. And if someone like the goverment is typing in my IP. And they are getting in emby. I'm not really sure if they like that Only now the only problem is, is to get ssl to work. I'm now using flexible ssl from cloudflare. Because if I do a custom certificate or full SSL. Im also somehow redirected to a 403 page. Are you sure your IP is actually hidden? what happens if you go to https://yourdomain.com/emby/system/info/public/ Link to comment Share on other sites More sharing options...
RyonM 0 Posted March 30, 2018 Author Share Posted March 30, 2018 (edited) {"LocalAddress":"http://192.168.0.107:8096","WanAddress":"http://*****.ga:8096","ServerName":"DESKTOP-S4ROP1M","Version":"3.3.1.0","OperatingSystem":"Windows","Id":"******"} It shows this I am not sure what that Windows Id is Edited March 30, 2018 by RyonM Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted March 30, 2018 Share Posted March 30, 2018 {"LocalAddress":"http://192.168.0.107:8096","WanAddress":"http://*****.ga:8096","ServerName":"DESKTOP-S4ROP1M","Version":"3.3.1.0","OperatingSystem":"Windows","Id":"******"} It shows this I am not sure what that Windows Id is Ok good it looks like you have things setup in emby correctly so you don't leak your wan address... good work! Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted March 31, 2018 Share Posted March 31, 2018 {"LocalAddress":"http://192.168.0.107:8096","WanAddress":"http://*****.ga:8096","ServerName":"DESKTOP-S4ROP1M","Version":"3.3.1.0","OperatingSystem":"Windows","Id":"******"} It shows this I am not sure what that Windows Id is I didnt answer your last question, WIndows is what emby sees as the operating system, the "ID" is the info emby connect uses to identify your server. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now