How to disable IP based login?

emoun · May 29, 2024, 2:24am

I have applied Cloudflare Zero Trust 2FA (OTP via Email) authentication to both HestiaCP and WordPress login pages.

The HestiaCP login page can be accessed at https://cp.mydomain.tld:2083

However, direct access to https://IP-Address:2083 bypasses Cloudflare Zero Trust 2FA.

Can you please tell me how to disable direct IP login for HestiaCP?

linkp · May 29, 2024, 4:13am

You would need to firewall off access to that IP and port combination from anywhere except wherever Cloudflare Access connects from.

eris · May 29, 2024, 5:39am

You can’t currently

emoun · May 29, 2024, 9:59am

Is there any workaround using Ngnix?

eris · May 29, 2024, 11:32am

The only method you can use is to block port 8083 completely and use the templates from:

cp.tpl / stpl

You probally want to change the port back to 8083 in that case (or adjust te template)

emoun · May 29, 2024, 12:25pm

Thanks, i will look into this and let you know.

Can you please add my usecase as a feature request for the next releases of hestiacp.

Direct IP based login should be disabled.

schiwe · May 29, 2024, 12:28pm

You need to allow access only to cloudflare ips on your HestiaCP Firewall.
https://www.cloudflare.com/ips-v4/#

emoun · May 29, 2024, 12:49pm

This works like a charm!
Thanks.

This feature is built-in in CloudPanel for security purpose.

system · June 28, 2024, 12:50pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.