Author Topic: The web UI is accessible outside of my local network. Can I block this?  (Read 1015 times)

Marcr34t34e4

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
I've set up the web UI to serve on port 8090, and this works fine. I can type http://raspberrypi:8090 in my local network to successfully see the web UI.

However I've noticed (from the standard output when running qbittorrent-nox) that it is also available via http://[external_ip_address]:8090, which I'm not really after.

Is there anyway to disable this external access? I know that transmission-daemon has an ip whitelist, is this available with qbittorrent, or otherwise?

If the external access cannot be disabled, should I be conscious of network security implications? I do have a password set for the web UI, but I was considering if just generally having that port open externally creates any security implications in of itself. I'm not an expert on networking so I'm unsure.

Peter

  • Administrator
  • Forum addict
  • *****
  • Posts: 1552
  • Karma: +37/-2
    • View Profile
There are no known breaches, or at least not that I know of.

Depending on your distro, install a firewall. It is most wise that you do this if the unit is exposed to the internet..and it seems yours is!
On Ubuntu, grab "ufw". Very simple.

How to config UFW:
sudo apt-get update
sudo apt-get install ufw
(!) sudo ufw allow 80/tcp
sudo ufw enable

(!) is optional, allow each port you use and need from outside. you can enable tcp/udp both if you only specify the number, such as: sudo ufw allow 80
https://help.ubuntu.com/community/UFW

By the way, you could simply install OpenVPN on your Pi and connect to that from the outside.
It is very easy to configure and set up, and you also learn something.
(Just an idea.)
- qBittorrent team - server and forum administrator.
- Hungarian translation reviewer/moderator (+ translator).

Join the official qBittorrent Discord!
https://discord.gg/ma66Vv4

Switeck

  • Forum addict
  • ****
  • Posts: 1190
  • Karma: +80/-0
    • View Profile
Re: The web UI is accessible outside of my local network. Can I block this?
« Reply #2 on: August 10, 2017, 09:54:31 PM »
Very late reply here...

Seems like the web UI is visible from the internet because the router that should be blocking it is port-fowarding the web UI port 8090.

Either this is the result of manual port forwarding on the router or UPnP/NAT-PMP is automatically doing it. Simple solution -- remove the manual port forward and disable UPnP/NAT-PMP on the web UI device.