Page 1 of 1

disable web access - leave access to graphs

Posted: Fri Apr 06, 2007 6:37 pm
by jorj
Hi all.
I want to allow clients to see the graph for their simple queue, created for each user, and at the same time NOT to allow them to acces the webbox interface, in fact I don't want them to see that the router is Mikrotik at all. Or that the router has any other services online for the web, except queue graphs, with permision for each user for it's own queue graph.
eg: has access to graph for , and ONLY there. No web, NO web login, no nothing else.
It's sometimes (I mean allways) inconvenient for the users to know what are you running, or to fill your log with incorrect login attempts.

Is it possible ?

I read this at first: ... =graph+web
and i searched trough the forum, but found no way to do it.
If i missed something, please correct me.

Any guru faced this problem ?

Posted: Mon Apr 09, 2007 12:28 pm
by jorj
Anybody ? :roll: :idea: :?:

Posted: Mon Apr 09, 2007 3:04 pm
by tneumann
I don't think it can be done on the router itself, but a possible solution would be to setup an Apache webserver from where you'd reverse-proxy relevant parts of the URL-space to graph display pages on the router. For this it is especially convenient that the queue name is part of the URL, which is nice because then you can individually protect them by (parts of) the URL. On the router you would then be able to restrict web access to the graphs to the IP address of the Apache server (as it would be a reverse proxy, hence be the source address of the web requests) and could use all the access restriction and password protection facilities that Apache can offer.


Posted: Tue Apr 10, 2007 8:59 pm
by jorj
I do have a apache wich i use to display a blocking page with a redirect for "special" customers, but for graphs, it's just too complicated.

I mean, I couldn't know exactly this, but it should not be very complicated for mt stuff to put a switch in cli or winbox to disable the starting page that is displayed for the mt box: eg. http://xxx.yyy.zzz.www, leaving at the same time xxx.yyy.zzz.www/graphs and xxx.yyy.zzz.www/userman and the rest active.
Just a thought. At least for me, this would be very useful.