I have a MT router with a public internet connection on one port. I can’t disable www service on it as the 3rd party monitoring service I am using will only monitor via http or https.
I have changed the port to a non-standard port, but here’s my issue: anyone who discovers and connects to the router has access to the graphing functions without logging in.
Shouldn’t the graphing functions be limited to authenticated users only??? I really don’t want anyone who happens to stumble across my router looking at my interface stats, etc!
I know you can limit access to the graphing functions via IP, but it is useful to me to be able to get to these functions from the public internet. I just think this should only be accessible AFTER you have logged in.
Any thoughts?