![]() ![]() I've got multiple ports open for the entire Internet for over a decade and I've never been breached. You have hackers in too high of a regard. This is security through obscurity which I'm not a huge fan of. This is relatively safe but any party between you and your server can sniff the sequence of knocks and open the port for themselves. You could use knockd: without any extra protections.Forward it as is but enable HTTPS to exclude MITM attacks - this is the least secure option but the easiest and most reliable to implement - no need to connect to your VPN or open an SSH connection.My preferred method: firewall the port completely and allow it to be opened only via the loopback (127.0.0.1) interface and connect to it via SSH port forwarding.How else could I access my web UI safer from outside of my local network? Only and only if qBitTorrent has vulnerabilities (and its track record in regard to them is quite good actually) it will be possible. Or is it still easy to access other parts of my network even if the site behind the port needs authentication? Just to be clear, I'm aware that there's no perfect solution and that a skilled/dedicated person probably could breach my network anyway, but my main goal is to prevent bots, common exploits, and leaving obvious vulnerabilities in my setup while keeping think relatively simple and easy to use. not even connecting to a VPN) for the user who wants to connect from the internet?įor example would setting up a nginx reverse proxy with some IP/MAC filtering, or Cloudflare (or some other security measure) increase security for an open port in a significant way, so that it's worth the effort setting it up? How else could I access my web UI safer from outside of my local network? I know that setting up a VPN is a fairly safe and easy solution, but is there some other option that would make it completely seamless (i.e. I know that it's not wise to open ports mindlessly, but since the web UI needs an username and password to actually access the interface I thought it would make it harder for someone to wreak havoc on my machine/network. ![]() I have small home server that runs a qBittorrent in docker container, and I was wondering how bad/risky it is if I'd forward the port for the web UI so I can access it from outside my network. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |