@jrca025 opened this Issue on September 22nd 2022

We want to secure the Matomo admin page so it is not accessible publicly. As per checking, all admin pages is located in 10.1.0.2/index.php. Basically we want to put Cloudflare Access/Tunnel on this specific path while still keeping the main IP 10.1.0.2 still open to public for tracking requests

@bx80 commented on September 22nd 2022 Contributor

Hi @jrca025, thanks for reaching out.

As you've identified the admin page functions do not have a separate URL or page so they can't be restricted by simple path.
Depending on the options available to you for creating access rules, it may be possible to restrict access to 10.1.02/index.php?module=CoreAdminHome which is the module containing the administration functions.

@jrca025 commented on September 22nd 2022

@bx80 do you have any guides/doc for use-case like this?

@MatomoForumNotifications commented on September 22nd 2022

This issue has been mentioned on Matomo forums. There might be relevant details there:

https://forum.matomo.org/t/is-there-a-way-to-secure-the-matomo-admin-page/47448/2

@bx80 commented on September 22nd 2022 Contributor

Unfortunately this is very much dependent on the service you use to do the blocking, Cloudflare have a number of different products so it would be best to refer to their documentation at https://developers.cloudflare.com/

This Issue was closed on September 22nd 2022
Powered by GitHub Issue Mirror