WAN Access Questions


(Mvogel4949) #1

Obviously opening http access to the internet is a No. Is opening https to the internet any different?

Can I safely open UCP to the internet without opening http?

Thank you


(Greg Kujawa) #2

That’s a loaded question. :joy:Opening anything to the Internet introduces certain pitfalls. The primary difference between HTTP and HTTPS is the latter provides SSL encryption of the traffic to/from. But it won’t automatically prevent the bad guys from trying to get in and exploit your system.

If your UCP would only be accessed from a static public IP subnet, you could whitelist that subnet and exclude all others on your router or firewall. Is that doable?


#3

+1 @gregarican

Most drive-by’s are directed to your ip address, not your URL. (that goes for all your open internet ports)

So one effective filter is have your webserver rewrite http(s) traffic sent not to your domain name but to your ip address to a.nonexistant.domain with a 301 (permanent) code


(Mvogel4949) #4

The users would be coming from a wide variety of IPs. Does WAN access to the UCP provide access to the same file that WAN access to http does?