Matomo UI Security


(Joe) #1

Hello,

Does anyone know how to run the Matomo UI on different ports than the 80/443 used for the tracking calls?

This might be an Apache config question rather than a Matomo one, so apologies if this is not an appropriate question.

Thank you,

Joe


(Fabian Dellwing) #2

This should just work out of the box if you configure the webserver to serve your content on non standard ports.

Please take note, that this will not improve any security. https://www.shodan.io will scan every port in default range and detect you application anyway. Using nmap you can even scan a custom portrange.


(Joe) #3

Thanks Fabian,

Sorry I wasn’t clear, by security, I meant that I’d like to block the port used for the UI, except from specific IP addresses. Changing the port of the UI was only a means to this end (so as not to block the tracking traffic as well).

My concern is that by default, the UI and tracking calls seem to share the 80/443 ports… do you know if UI and tracking can be separated out?

Many thanks,

Joe


(Fabian Dellwing) #4

By default every single HTML/PHP application shares these two ports, so I do not know a possibility to put the UI on a different port as it is the same application.

But I think How do I restrict viewing the analytics reports to one or more whitelisted IP addresses or IP ranges? - Analytics Platform - Matomo will satisfy your needs.


(Joe) #5

Thanks Fabian, makes sense… I wondered if they might be separate applications sharing DNS & ports, but differentiated by path, so good to know for sure.
Blocking before reaching that application would be preferable, but appreciate that’s not an option, so will follow your advice.
Thanks again!
Joe