Sitz der Gesellschaft: Köln | Amtsgericht Köln: HRA 29646
Komplementär: Bareos Verwaltungs-GmbH
Geschäftsführer: Stephan Dühr, Jörg Steffens, Philipp Storz
Łukasz Szczepanik
unread,
Dec 6, 2023, 9:17:40 AM12/6/23
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Jörg Steffens, bareos...@googlegroups.com
Hi Jörg,
We already did the first point. The problem with this approach is that you are still able login to WebUI. You have no sufficient rights to any resources but you are logged in.
It does not look too secure in my opinion.
Regarding the second point I will take a look :)
Thank you
Meggie Hallenbach
unread,
Dec 6, 2023, 4:47:12 PM12/6/23
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to bareos-users
Hi,
*Use linux firewall to exclude any ip adr. from ports 80, 443 but the ones which should have access to it? To make it more secure i would drop any incoming packets from computers which are not backuped or should have control to the backup system... or *use webservers access control option like <Directory /usr/share/davical/htdocs> Order Deny,Allow Deny From All Allow from testdomain.blabla.blaba Allow from xxx.xxx.xxx.xxx Allow from xxx.xxx.xxx.xxx/sub.sub.sub.sub (or
xxx.xxx.xxx.xxx/sub) Options +Indexes </Directory>