Connect to webUI only via SSH?


I would like to disable connecting to the webUI (be it (re)Foris or LuCi) via HTTP(S) and only be able to do it via an SSH tunnel.

I’ve managed to successfully connect via the SSH tunnel using this guide.
The guide furthermore talks about disabling uhttpd, but:

  1. Instead of uhttpd, TOS seems to have lighttpd
  2. I don’t want to disable the HTTP server, I only want it to listen on my Omnia’s localhost.

I checked around in /etc/lighttpd/ but it seems like many of its configs are automatically generated? If so, what is the best method of achieving this?

Thanks in advance.

1 Like

Some time ago I wrote this by adapting the OpenWrt guide, it could be for you:
Accessing Web Interface Securely [Turris wiki]


or you might use firewall to block it only from outside (and keep direct access from LAN). But anyway, you could use a strong generated password in a password manager.

1 Like

Thanks, this seemed to have worked. Though, will the applied settings be returned to default once I update?

That is certainly a possibility, but I feel exposing sshd to be a bit less risky than a web server in this case.

1 Like

The configuration remains the same even after any updates, unless the update changes the web server or other low-level parts inherent to the web interface, but I don’t think this is the case.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.