Restrict access to OH2 for particular IP address / deactivation of HTTP

Hi all,

in the official OH documentation it is referred to restricting access for particular source IP addresses:

I’d like to restrict access for an IP range or at least some single entries.

I know that none of this syntax work:






Is there an option at all to configure it?

In addition can it be configured that OH service is not listening to HTTP but only on HTTPS?


As far as I can tell, you can only specify one address.
For HTTP vs. HTTPS, you might have to proxy through nginx.

1 Like

I suggest xternal firewall. Under linux iptables and ip6tables does the job. You can sort the rules with destination ports.

I wouldn’t even be sure it works at all. It was a feature in OHv1 that was dropped in v2, and there recently were attempts to introduce that back into 2.4, but those failed and were removed. I’m not 100% sure if that “one address” was left in or if it’s a docs bug.

What you can and should do for the time being is to deploy a reverse proxy like nginx and do the authentication there (based on IPs and/or user). It can also do HTTPS.
A preconfigured nginx is part of openHABian.