Disabling Web Interface
Forum rules
Please make sure you follow the Problem Reporting Guidelines before posting if you want a reply
Please make sure you follow the Problem Reporting Guidelines before posting if you want a reply
-
beefmitten
- Posts: 2
- Joined: Fri Aug 02, 2019 4:32 am
Disabling Web Interface
I am very new to UMS, so far everything is working wonderfully and very reminiscent of the PS3 media server which I am accustomed to.
This only thing I find concerning is the web interface option. Reason being is that I like to share family videos over the server, and I’m uneasy with them being anywhere near the internet.
How secure is this online hosting? I’ve delved pretty deep within the menus and options and couldn’t find anything to turn it off. Is there a way to turn it off completely?
Thank you.
This only thing I find concerning is the web interface option. Reason being is that I like to share family videos over the server, and I’m uneasy with them being anywhere near the internet.
How secure is this online hosting? I’ve delved pretty deep within the menus and options and couldn’t find anything to turn it off. Is there a way to turn it off completely?
Thank you.
Re: Disabling Web Interface
This isn't online hosting at all. The "web server" is running on the computer running UMS. Only devices that can access this computer via the network can access the web interface. That said, there isn't much "security" features built in. It is possible to require a code to be entered for certain folders, but I'm not sure how well it works as I've never tested it. Except for that, everybody that can reach the computer with port 80 (HTTP) can access the content.
This isn't really a "security problem" as such, since UPnP AV/DLNA itself doesn't have any form of authentication/security in the protocol/standard. This means that any device that can reach the computer running UMS can already get access to all the content using UPnP AV/DLNA (which also uses an HTTP ("Web") server to deliver content). Making them also available in the web interface on a second port doesn't really make any difference as such.
UPnP AV/DLNA is designed to be "simple to use", and as always that means: Hardly configurable, most choices have been made for you so you don't have to think. I'm sure they figured that using authentication would be much to complicated for the users, not to mention that it would complicate the implementation in all devices that should support it. They don't really give you any network configuration either, it's all dictated by the standard, and the rules are: Make all content available to all devices on the local network.
You can control access to UMS by configuring your firewall to only allow the devices you wish to access it, but I wouldn't recommend that unless you already know enough about networking to understand how to do it or you are willing to put in the time needed to acquire such knowledge.
In a "default configuration" nothing will be reachable from the internet, but if you connect to a public WiFi zone and doesn't block access via the firewall, others on that public WiFi zone will have access to your data. That's because a public WiFi zone IS one big "local network" from a technical point of view. As such, I wouldn't recommend anyone running UMS (or any other such server) when they are connected to public WiFi zones if they don't want to share their content with strangers.
If you don't do that, and has your computer at home behind a router running NAT (as most people do), the router makes sure that the devices behind it isn't accessible from the internet, unless you configure "port forwarding" in your router. "Port forwarding" is a way to give access to specific ports on the local network from the internet, so unless you forward the ports UMS is using (5001 and 9001 by default), they won't be available from the internet.
IPv6 doesn't have NAT (IPv4 is the "normal" type of IP addresses) which makes it less "secure by default". It's still possible to configure your router to not allow incoming access with IPv6, but unless you're into networking I'd recommend not using IPv6 for that reason.
This isn't really a "security problem" as such, since UPnP AV/DLNA itself doesn't have any form of authentication/security in the protocol/standard. This means that any device that can reach the computer running UMS can already get access to all the content using UPnP AV/DLNA (which also uses an HTTP ("Web") server to deliver content). Making them also available in the web interface on a second port doesn't really make any difference as such.
UPnP AV/DLNA is designed to be "simple to use", and as always that means: Hardly configurable, most choices have been made for you so you don't have to think. I'm sure they figured that using authentication would be much to complicated for the users, not to mention that it would complicate the implementation in all devices that should support it. They don't really give you any network configuration either, it's all dictated by the standard, and the rules are: Make all content available to all devices on the local network.
You can control access to UMS by configuring your firewall to only allow the devices you wish to access it, but I wouldn't recommend that unless you already know enough about networking to understand how to do it or you are willing to put in the time needed to acquire such knowledge.
In a "default configuration" nothing will be reachable from the internet, but if you connect to a public WiFi zone and doesn't block access via the firewall, others on that public WiFi zone will have access to your data. That's because a public WiFi zone IS one big "local network" from a technical point of view. As such, I wouldn't recommend anyone running UMS (or any other such server) when they are connected to public WiFi zones if they don't want to share their content with strangers.
If you don't do that, and has your computer at home behind a router running NAT (as most people do), the router makes sure that the devices behind it isn't accessible from the internet, unless you configure "port forwarding" in your router. "Port forwarding" is a way to give access to specific ports on the local network from the internet, so unless you forward the ports UMS is using (5001 and 9001 by default), they won't be available from the internet.
IPv6 doesn't have NAT (IPv4 is the "normal" type of IP addresses) which makes it less "secure by default". It's still possible to configure your router to not allow incoming access with IPv6, but unless you're into networking I'd recommend not using IPv6 for that reason.
-
beefmitten
- Posts: 2
- Joined: Fri Aug 02, 2019 4:32 am
Re: Disabling Web Interface
Thanks so much. I am not very keen on networking at all so I’m going to avoid meddling with any settings.
What you’ve said makes total sense, and has put my mind at ease. I am running UMS from a desktop, and not from my laptop so I won’t have to really worry about public wifi. I usually shut down my servers when they aren’t in use as an extra precaution anyway.
So with all that said, I feel much better. Thanks again for your help.
What you’ve said makes total sense, and has put my mind at ease. I am running UMS from a desktop, and not from my laptop so I won’t have to really worry about public wifi. I usually shut down my servers when they aren’t in use as an extra precaution anyway.
So with all that said, I feel much better. Thanks again for your help.