Whitelist Admin UI / API IPs

maxileith

Hi there,

I know I just opened a similar named thread but it is different, trust me 🙂

Is it possible to only allow traffic to the Admin UI / API from a certain IP? My mailserver is connected via a VPN to my home network. I want to only allow traffic to the Admin interface through that VPN (interface wg0). Is that possible?

esackbauer

Same answer here: Use a separate firewall which can do such things in front of mailcow.
I use Sophos Firewall which is even better because it can detect malicious web requests and block them.
Also I use abuseipdb.com IP addresses for blocking.
You could also block certain URLs with the hardening features of a web application firewall.

In general, mailcow was meant to be put directly into the internet, it enforces firewall rules itself via netfilter and iptables, it has also fail2ban functionality which stops brute force attacks.