However, it is unclear if it will control all the server traffic (what I’m looking for) or only the traffic to the “Webmin server” (I’m not sure what this means, this server runs only Virtualmin+hosts).
PLUS, I would like to use something a little more sophisticated.
I would like to redirect the allowed IPs list to access normally to the server/website. (the easiest)
All disallowed traffic should be redirected to a page (You are not allowed to… if this happens by mistake contact your admin…)
Have fail2ban ban IPs if they repeatedly ping the page.
I’m sure this may look like overdoing it to some, but for some reasons I feel this is the right way to deal with users in 2024 (a lot are using a VPN and don’t know when it is active or not).
Any ideas and feedback will be appreciated.
Bernard
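The three-step policy asked for above (allowlist, block page, ban on repeated hits), sketched as an added example that is not part of the original thread: it models the decision that fail2ban's `maxretry` and `findtime` settings express, run over web access-log lines. The allowlisted networks, the `/not-allowed.html` path, the thresholds and the log lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values, not from the thread: allowlist, block-page path, thresholds.
ALLOWED = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]
DENIED_PAGE = "/not-allowed.html"
MAXRETRY = 3                      # hits on the block page before a ban
FINDTIME = timedelta(minutes=10)  # window in which those hits must fall
# Client address, timestamp and request path from a Common Log Format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+)')

def is_allowed(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on a non-IP field
    return any(addr in net for net in ALLOWED)

def find_bans(lines):
    """Return, in ban order, clients that hit the block page MAXRETRY times within FINDTIME."""
    hits, banned = defaultdict(deque), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line
        ip, stamp, path = m.groups()
        try:
            if is_allowed(ip) or path.split("?")[0] != DENIED_PAGE:
                continue  # allowlisted client, or not a block-page hit
            when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # unparsable address or timestamp
        window = hits[ip]
        window.append(when)
        while when - window[0] > FINDTIME:
            window.popleft()  # drop hits older than the window
        if len(window) >= MAXRETRY and ip not in banned:
            banned.append(ip)
    return banned

# Constructed sample log (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Mar/2024:10:00:01 +0000] "GET /not-allowed.html HTTP/1.1" 200 90',
    '198.51.100.7 - - [10/Mar/2024:10:00:30 +0000] "GET /not-allowed.html HTTP/1.1" 200 90',
    '203.0.113.5 - - [10/Mar/2024:10:01:00 +0000] "GET /not-allowed.html HTTP/1.1" 200 90',
    '203.0.113.5 - - [10/Mar/2024:10:02:00 +0000] "GET /not-allowed.html HTTP/1.1" 200 90',
    '198.51.100.7 - - [10/Mar/2024:10:20:00 +0000] "GET /not-allowed.html HTTP/1.1" 200 90',
    '198.51.100.7 - - [10/Mar/2024:10:40:00 +0000] "GET /not-allowed.html HTTP/1.1" 200 90',
]
```

On the sample, the client with three hits in two minutes is banned, while the one whose three hits are spread over forty minutes (the forgotten-VPN case) is not.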
I am glad you are aware that many people now use a VPN routinely to bypass such restrictions. So who exactly do you think you can block without blocking those who you would like to let through? I would be very cautious about trusting any list of IPs to block. (Most lists are short term - after all there is only a small finite number of IPs in the world.)
Sending most web traffic to a 404 page is the norm and pretty adequate.
The Webmin IP access control restricts Webmin access based on IP address. Nothing else. Webmin is not your web server, it is not your mail server, it isn’t anything other than Webmin (and Virtualmin, the UI, but none of the services Virtualmin manages, since none of the services Virtualmin manages run under Webmin’s web server).
CSF firewall can block by geo-IP, but if you want different content based on IP then you need to use a CMS like WordPress with a plugin that can handle content for different locations.
Thanks for your reply.
While I understand the cons of such filtering, there are several reasons to have it implemented.
I don’t feel it is useful to open a debate about this here.
I’m sure the team has plenty of things to do, but I suggest (is there a place for this?) to edit and clarify the help text at: /webmin/edit_access.cgi?xnavigation=1
The Webmin **server** can be configured to deny or allow access only from certain IP addresses using this form .../... You should **limit access to your server** to trusted addresses .../...
Webmin runs under an application server called miniserv, and this configuration applies to that server. The help text is accurate, but I guess it could just say “Webmin”.
So I understand there is no issue running it within or in parallel with my Debian 12 Virtualmin server.
However, I wonder about redundancy as I use firewalld already (as well as fail2ban).
Any advice about using CSF and csfwebmin in such a context?