Restrict access to web interface by IP

Help
1

Hello all,

I'm using Pi-hole Version v4.3.1 Web Interface Version v4.3 FTL Version v4.3.1 inside my 192.168.178.*-intranet and love it. I'd like to exclude anyone else from the outside to have any access to the Web Interface.

So I appended

# https://www.cyberciti.biz/tips/lighttpd-restrict-or-deny-access-by-ip-address.html
# https://discourse.pi-hole.net/t/password-protect-the-dashboard/223/5
# restrict access to server-status to listed IP hosts
$HTTP["remoteip"] !~ "192.168.178.10|192.168.178.20" {
    $HTTP["url"] =~ "^/admin/" {
      url.access-deny = ( "" )
    }
 }

to /etc/lighttpd/lighttpd.conf. Though two sources suggested that syntax, lighttpd complains

sudo service lighttpd restart
sudo service lighttpd status
● lighttpd.service - Lighttpd Daemon
   Loaded: loaded (/lib/systemd/system/lighttpd.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2019-08-01 11:58:48 CEST; 5s ago
  Process: 4120 ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf (code=exited, status=0/SUCCESS)
 Main PID: 4127 (lighttpd)
    Tasks: 6 (limit: 2200)
   Memory: 5.9M
   CGroup: /system.slice/lighttpd.service
           ├─4127 /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
           ├─4137 /usr/bin/php-cgi
           ├─4138 /usr/bin/php-cgi
           ├─4139 /usr/bin/php-cgi
           ├─4140 /usr/bin/php-cgi
           └─4141 /usr/bin/php-cgi

Aug 01 11:58:48 raspberrypi systemd[1]: Starting Lighttpd Daemon...
Aug 01 11:58:48 raspberrypi lighttpd[4120]: 2019-08-01 11:58:48: (server.c.1493) WARNING: unknown config-key: alias.url (ignored)
Aug 01 11:58:48 raspberrypi systemd[1]: Started Lighttpd Daemon.

What do I miss?

2

Another post that deals with WARNING: unknown config-key: alias.url (ignored) suggests to include mod_alias so I changed the original /etc/lighttpd/lighttpd.conf from

server.modules = (
        "mod_access",
        "mod_accesslog",
        "mod_auth",
        "mod_expire",
        "mod_compress",
        "mod_redirect",
        "mod_setenv",
        "mod_rewrite"
)

to

server.modules = (
        "mod_access",
        "mod_accesslog",
        "mod_alias",
        "mod_auth",
        "mod_expire",
        "mod_compress",
        "mod_redirect",
        "mod_setenv",
        "mod_rewrite"
)

which did the trick.
:smiley:

1 Like
3

This /etc/lighttpd/lighttpd.conf file will get overwritten when you run Pi-hole repair/reconfigure or apt upgrade.
Try put as many customized options as possible in the /etc/lighttpd/external.conf file which doesnt get overwritten:

pi@noads:~ $ tail -3 /etc/lighttpd/lighttpd.conf
# Add user chosen options held in external file
# This uses include_shell instead of an include wildcard for compatibility
include_shell "cat external.conf 2>/dev/null"
4

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.