Jump to content

Any way to restrict console access to LAN only ?


Recommended Posts

Posted

Im looking to restrict admin's to LAN only?  Is that possible anywhere ?

  • Like 1
Posted

We don't currently have any settings for that, although it's not a bad idea.

rbjtech
Posted

I don't like disagreeing with Luke  ;) - but I simply unticked the 'allow remote connections' on the Admin account settings - and now Admins can only connect via LAN ..

 

Attempting a remote login on this account is denied.  :D

 

Is that not what the OP is asking ?

 

 

Happy2Play
Posted (edited)

I don't like disagreeing with Luke  ;) - but I simply unticked the 'allow remote connections' on the Admin account settings - and now Admins can only connect via LAN ..

 

Attempting a remote login on this account is denied.  :D

 

Is that not what the OP is asking ?

 

Pretty sure OP wants to restrict Dashboard access to LAN only.

Edited by Happy2Play
rbjtech
Posted

Thanks Happy2Play, but as a non 'Manager/Admin' (also an option on the same settings page) - I don't even get access to the dashboard.

 

Lets see if that's what the OP wants - but my only Admin (Manager) account is set for LAN only - so I can't administer the server remotely - and I *think* that is what the OP likely wants for security reasons - ie if the account did get compromised remotely, then they do not have the ability to cause damage or add accounts etc.

Posted

Pretty sure he wants to be able to browse and play content but just not manage the server.

 

Your solution denies any connection at all.

 

Thanks.

rbjtech
Posted

OK, perhaps this is me missing the OP's point entirely :huh: , but you simply have two accounts setup - one for administering Emby and the other for 'normal' use.  All standard good computing practice - nothing new here. 

 

On the Admin account - you tick the 'Manager' box and untick 'remote access'.  You can now only Administer Emby from the LAN.

On the Normal account - you untick the 'Manager' and tick the 'remote access'. You can now only View/Play Emby content from the LAN or WAN.

 

If you wanted the ability to Admin from the WAN - then you tick both the 'Manager' and 'Remote' boxes ..

 

Am I missing something ?  :unsure:

Posted

OK, perhaps this is me missing the OP's point entirely :huh: , but you simply have two accounts setup - one for administering Emby and the other for 'normal' use.  All standard good computing practice - nothing new here. 

 

On the Admin account - you tick the 'Manager' box and untick 'remote access'.  You can now only Administer Emby from the LAN.

On the Normal account - you untick the 'Manager' and tick the 'remote access'. You can now only View/Play Emby content from the LAN or WAN.

 

If you wanted the ability to Admin from the WAN - then you tick both the 'Manager' and 'Remote' boxes ..

 

Am I missing something ?  :unsure:

 

That is a valid approach (and a workaround for now) but it forces one to log out and back in with a different user every time they want to administer something and some people don't want that hassle.

 

So, the request is a valid one.

  • Like 1
Posted

Are you allowing direct connections remotely, or using a reverse proxy? 

 

If you are using a reverse proxy you may be able to blacklist rewriting the dashboard URL (/web/index.html#!/dashboard.html) and all of the other links in the dashboard sidebar. Not sure if if it'd have any side effects / bad consequences but might be worth investigating...

Posted

Thanks for all the comments. 

I am yes trying to use the same user.  I am the admin, and I have a ton of years watched history - Never accessed remotely as my upload speed was non-existant, now on the Australian NBN and 50 down/20 up so I have opened it up to a few family member and when I am on the road.

I am using nginx reverse proxy, but that rewrite seems a bit beyond my nginx skills.

If someone was to try and guess my password - I would prefer to lock down admins at the emby server level in some way (lan only tickbox).

legallink
Posted

Thanks for all the comments. 

I am yes trying to use the same user.  I am the admin, and I have a ton of years watched history - Never accessed remotely as my upload speed was non-existant, now on the Australian NBN and 50 down/20 up so I have opened it up to a few family member and when I am on the road.

I am using nginx reverse proxy, but that rewrite seems a bit beyond my nginx skills.

If someone was to try and guess my password - I would prefer to lock down admins at the emby server level in some way (lan only tickbox).

Why don’t you preserve your current user with watched history, remove admin access and create a new admin user (not in that order).

Posted

Well..... That would just make too much sense now wouldn't it.

I will do that.

Happy2Play
Posted

Or the backup plugin can map userdata to new user.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...