CloudPanel behind a Proxy – Admin Settings
CloudPanel is installed behind a pfSense firewall with HA Proxy enabled on a shared public IP address. In this configuration the /admin/settings pages are accessible which is undesired. How can this be restricted? HA Proxy is passing the X-Forwarded-For to the backend however the Remote-Host contains the internal interface address of the firewall. I remember reading a long time ago that the /admin/settings was restricted to localhost but it is not in this configuration.
That is odd because it should be checking that the connection is from localhost and/or 127.0.0.1 loop back address. It coming from the interface of the firewall should not be allowing access to it. Can you use Google Chrome developer tools, click on the network tab, then go to the site to generate the traffic. Right click in the box and choose to save all to a HAR file and upload that?
I have the har file as requested. Is there a secure location to upload the content?