Jump to content

Any way to restrict console access to LAN only ?

vaise

By vaise
in General/Windows

 Share

Recommended Posts

rbjtech

rbjtech   4333

Posted
Posted

I don't like disagreeing with Luke  ;) - but I simply unticked the 'allow remote connections' on the Admin account settings - and now Admins can only connect via LAN ..

 

Attempting a remote login on this account is denied.  :D

 

Is that not what the OP is asking ?

 

 

Link to comment
Share on other sites
Happy2Play

Happy2Play   8356

Posted
Posted (edited)

I don't like disagreeing with Luke  ;) - but I simply unticked the 'allow remote connections' on the Admin account settings - and now Admins can only connect via LAN ..

 

Attempting a remote login on this account is denied.  :D

 

Is that not what the OP is asking ?

 

Pretty sure OP wants to restrict Dashboard access to LAN only.

Edited by Happy2Play
Link to comment
Share on other sites
rbjtech

rbjtech   4333

Posted
Posted

Thanks Happy2Play, but as a non 'Manager/Admin' (also an option on the same settings page) - I don't even get access to the dashboard.

 

Lets see if that's what the OP wants - but my only Admin (Manager) account is set for LAN only - so I can't administer the server remotely - and I *think* that is what the OP likely wants for security reasons - ie if the account did get compromised remotely, then they do not have the ability to cause damage or add accounts etc.

Link to comment
Share on other sites
ebr Emby Team

ebr   14959

Posted
Posted

Pretty sure he wants to be able to browse and play content but just not manage the server.

 

Your solution denies any connection at all.

 

Thanks.

Link to comment
Share on other sites
rbjtech

rbjtech   4333

Posted
Posted

OK, perhaps this is me missing the OP's point entirely :huh: , but you simply have two accounts setup - one for administering Emby and the other for 'normal' use.  All standard good computing practice - nothing new here. 

 

On the Admin account - you tick the 'Manager' box and untick 'remote access'.  You can now only Administer Emby from the LAN.

On the Normal account - you untick the 'Manager' and tick the 'remote access'. You can now only View/Play Emby content from the LAN or WAN.

 

If you wanted the ability to Admin from the WAN - then you tick both the 'Manager' and 'Remote' boxes ..

 

Am I missing something ?  :unsure:

Link to comment
Share on other sites
ebr Emby Team

ebr   14959

Posted
Posted

OK, perhaps this is me missing the OP's point entirely :huh: , but you simply have two accounts setup - one for administering Emby and the other for 'normal' use.  All standard good computing practice - nothing new here. 

 

On the Admin account - you tick the 'Manager' box and untick 'remote access'.  You can now only Administer Emby from the LAN.

On the Normal account - you untick the 'Manager' and tick the 'remote access'. You can now only View/Play Emby content from the LAN or WAN.

 

If you wanted the ability to Admin from the WAN - then you tick both the 'Manager' and 'Remote' boxes ..

 

Am I missing something ?  :unsure:

 

That is a valid approach (and a workaround for now) but it forces one to log out and back in with a different user every time they want to administer something and some people don't want that hassle.

 

So, the request is a valid one.

  • Like 1
Link to comment
Share on other sites
jon_

jon_   23

Posted
Posted

Are you allowing direct connections remotely, or using a reverse proxy? 

 

If you are using a reverse proxy you may be able to blacklist rewriting the dashboard URL (/web/index.html#!/dashboard.html) and all of the other links in the dashboard sidebar. Not sure if if it'd have any side effects / bad consequences but might be worth investigating...

Link to comment
Share on other sites
vaise

vaise   307

Posted
  • Author
Posted

Thanks for all the comments. 

I am yes trying to use the same user.  I am the admin, and I have a ton of years watched history - Never accessed remotely as my upload speed was non-existant, now on the Australian NBN and 50 down/20 up so I have opened it up to a few family member and when I am on the road.

I am using nginx reverse proxy, but that rewrite seems a bit beyond my nginx skills.

If someone was to try and guess my password - I would prefer to lock down admins at the emby server level in some way (lan only tickbox).

Link to comment
Share on other sites
legallink

legallink   187

Posted
Posted

Thanks for all the comments. 

I am yes trying to use the same user.  I am the admin, and I have a ton of years watched history - Never accessed remotely as my upload speed was non-existant, now on the Australian NBN and 50 down/20 up so I have opened it up to a few family member and when I am on the road.

I am using nginx reverse proxy, but that rewrite seems a bit beyond my nginx skills.

If someone was to try and guess my password - I would prefer to lock down admins at the emby server level in some way (lan only tickbox).

Why don’t you preserve your current user with watched history, remove admin access and create a new admin user (not in that order).

Link to comment
Share on other sites
vaise

vaise   307

Posted
  • Author
Posted

Well..... That would just make too much sense now wouldn't it.

I will do that.

Link to comment
Share on other sites
Happy2Play

Happy2Play   8356

Posted
Posted

Or the backup plugin can map userdata to new user.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...