Topics tagged under "security"

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you may not be able to execute some actions.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

UNSOLVED Wordpress: restrict access by IP (wp-admin and wp-login.php)
Support • wordpress nginx security cloudron htaccess • • ahkg

3

0
Votes

3
Posts

253
Views

@ahkg the reason for whitelisting 172.18.0.1 give access to all requests, is that this is the ip of the Cloudron internal gateway into the subnet where all apps are running. Unfortunately for your case the cloudron healtcheck also comes via this gateway. I think your htaccess file needs to check for the X-Forwarded-For header to check against the correct inbound address.
S

SOLVED Improve security and ciphers
Support • security • • saglagla

8

2
Votes

8
Posts

422
Views

I have updated the ciphers now according to mozilla's config generator. The commit is https://git.cloudron.io/cloudron/box/commit/ddaa52163bf3844b36d6c29fdffb5db3e0b3f5d0 For the CSP settings, this indeed cannot properly be done on a platform level, as apps require differently strict settings there and have to provide this on their own, so this should ideally be fixed in each app upstream.

UNSOLVED Wordpress: restrict access by IP (wp-admin and wp-login.php) Support • wordpress nginx security cloudron htaccess • • ahkg

SOLVED Improve security and ciphers Support • security • • saglagla

UNSOLVED Wordpress: restrict access by IP (wp-admin and wp-login.php)
Support • wordpress nginx security cloudron htaccess • • ahkg

SOLVED Improve security and ciphers
Support • security • • saglagla