How to reject public connection to Surveillance station when sub domain requested don't match

Currently reading
How to reject public connection to Surveillance station when sub domain requested don't match

2
1
NAS
720+
Operating system
  1. Windows
Hello,

I would like to know if it's possible to reject any internet connection to a specific package (eq: Surveillance station) when the url requested don't match with cam.domain.com ?

To explain my situation, I have 2 sub domains :
ftp.domain.com with the port 1421
cam.domain.com with the port 5412

All is working fine, but I would like to block the connections see bellow :
ftp.domain.com over the port 5412
mypublicip over the port 5412
To resume, only to authorize the connection to Surveillance station by connecting on the url «cam.domain.com» on the port 5412

I searched for a few hours without success ;(, thanks in advance for your help.
 
When you have assigned a specific port to a package or service then that will get requests directly to the service that is listening on that port. You may get issues with SSL certificate validation on the clients if they use the wrong FQDN with the right port.

If you don't use a customised port then the package's customised domain will use default ports for HTTP (80) and HTTPS (443). The built-in reverse proxying features will then work out which package is being requested.
 
Thanks a lot for your reply.

The access will be only for me.
I was finally arrived to this solution :
Public : cam.domain.com on the port 5412
Routeur : traffic redirection from the port 5412 to Synology port 443 to keep the reverse proxy feature.
Synology : Classic reverse proxy to Surveillance station

It's working even the port 443 is known and open on my local network.
It's already an acceptable config, an intruder need to know :
- exact url
- port
- double authentification
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
There is nothing wrong here with the setup and configuration, but the fact is that you essentially have a...
Replies
2
Views
842
  • Question
Thank you all for your help I am now able to use the 5tb drive. I reformatted the drive using exfat and...
Replies
13
Views
1,492
I have solved the issue. I had assigned a static IP Thank you a lot for the support
Replies
9
Views
2,158
And this? Can anything other than your MBP connect to the problem wifi(s), eg your phone, another laptop?
Replies
15
Views
1,344
Deleted member 5784
D
So you ruled out the cables by swapping them and now it’s down to the provided port. I guess you’ll need...
Replies
8
Views
1,131
Old thread, but maybe my solution in a similar frustrating situation will be helpful to some. At least I...
Replies
7
Views
4,924

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top