Serviio Console Access Restriction

How to protect serviio console external access on Synology.

I'm running latest Serviio on Synology DSM7.0.1 using Docker.

I have a domain name that I use to access the Synology. For the console I connect [domainname:23423/console]. This is apparently open to the world to access. I have a User account specified for Mediabrowser access that challenges the user with name and password.

Is there any way to restrict the console to a specified user name and password?

Thanks for any assistance.

[atc98092]

No, there is no authentication for the Serviio console. But it's not open to the world. It is open to your network, but unless you set up port forwarding to your console in your network firewall, it can't be reached from elsewhere. And of course MediaBrowser isn't available to the Internet side unless you also port forward it as well. So if port 23423 is not forwarded in your firewall, it's protected from the Internet at large.

I think not beeing able to restrict acess to the console with an extra login -regardless from whatever location- is a defect.
Any unauthenticated user from the local network is able to login to the serviio console and then is able to modify/grant/delete the rights for acessing a media Library.
You might say the home network is trusted, but then think of a scenario like this:
You have two video Libraries, one with general content the other filled with Porn.
Serviio can set a library to beeing acessible only for some users. You dont want your underage family members to get access to the over 18 content.
But as soon as anyone of the household has figured out the default Port the Admin interface listens to, he can give himself acess to the Porn library. Ok I can simply forbid him to do this again, but then problem has already happend.

Leaving the administration unsecured while making it possible to restrict content by the administration makes no sense unless you can secure the administration.

There is a simple workaround for this problem. You can use a firewall to block connections to port 23423 (http) and 23523 (https) for anyone but a designated IP you want to use for Managment. Playback is still possible because it uses other ports.
Qnap includes a firewall which is easy to manage. Windows also.
Other platform most likely also have a similar feature.
Still an authentication would be a good thing to have.

Once users are setup with access password, is it possible for the same authentication to be used for access to the console?

As now the firewall is great idea bur not viable for use with andriod app, or remote access.

But true I agree any one with little knowledge about ip with web browser can just type

Http://(Web access ip):23423/console

And have a big security risk for foul play.
Hope this can be resolved

[atc98092]

Once users are setup with access password, is it possible for the same authentication to be used for access to the console?

No, there's no authentication for the console. But as I responded to you in your other post, there's really no reason to make the console available through your router to the Internet.