Hello!
We published the web console to the open internet, and from the next day we came across login brute-force attempts. Is there any way to publish PRTG only for the mobile apps and not publish the web console? Or is there any way to add two-factor authentication?
Thank you!
Article Comments
Furthermore, there is a reverse proxy you can set up in front of your PRTG installation - this allows you to pre-filter the incoming traffic a bit.
As for security - you should do a few things:
- use an external IP from your range (if possible) that you haven't used before for WEB
- put a reverse proxy in place in the DMZ
- make sure only the specific URL for PRTG gets through
- use a certificate on the webserver - encrypted traffic only - this is hopefully already in place
- choose a secure URL - something like WELOVEPRTG.COMPANY.COM - something not too obvious
- LDAP login for regular user accounts in a specific group only
This list can go on with a few special settings - but for the most part this is what you should do... In theory you might be able to alter the PORT as well to go away from 443 - but now it becomes a bit more complicated...
PRTG offers a cloud solution as well - there it is their responsibility to avoid the issue and make sure it is secure - depending on your needs, probably just another way to go.
Regards
Florian Rossmark
Nov, 2018 - Permalink
Hello Vasily,
Thank you very much for your question.
As we don't support client certificates in any of our clients at present, you'll need to whitelist the following paths in order to fully use the mobile apps:
- /api/*
- /mapshow.htm
- /controls/screenshot.htm
- /historicdata_html.htm
- /chart.png
- /chart.svg
- /editsettings
- /wingui.htm
- /generatereport.htm
Best regards,
Sebastian
Nov, 2018 - Permalink
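
The path whitelist from Sebastian's reply, applied on the reverse proxy Florian suggests, could look like this in nginx. This is an added example, not part of the original thread or of Paessler's documentation; the host name, certificate paths and backend address are placeholders.

```nginx
# Added example: expose only the mobile-app paths listed above, deny everything else.
# Assumptions (placeholders): prtg.example.com, /etc/nginx/tls/*, backend 10.0.0.10.
server {
    listen 443 ssl;                          # encrypted traffic only; no port 80 listener
    server_name prtg.example.com;

    ssl_certificate     /etc/nginx/tls/prtg.crt;
    ssl_certificate_key /etc/nginx/tls/prtg.key;

    # Set once here; inherited by the locations below because they define none of their own.
    proxy_set_header Host              $host;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Default deny: the web console and every unlisted path never reach PRTG.
    location / {
        return 403;
    }

    # "/api/*" from the list. ^~ makes this prefix win over any regex location.
    location ^~ /api/ {
        proxy_pass https://10.0.0.10;
    }

    # The remaining entries are exact paths. nginx matches the normalized URI
    # (dot segments resolved, query string excluded), and the anchors ^ and $
    # prevent longer paths from slipping through.
    location ~ ^/(mapshow\.htm|controls/screenshot\.htm|historicdata_html\.htm|chart\.png|chart\.svg|editsettings|wingui\.htm|generatereport\.htm)$ {
        proxy_pass https://10.0.0.10;
    }
}
```

Because the mobile apps log in through `/api/`, that prefix still accepts credentials from the internet, so rate limiting or the LDAP group restriction mentioned above remains relevant for it.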