On 2/18/24 23:15, Andrea Miconi wrote:
My Guacamole is installed on a PC with Debian 12 and I use it to connect
to my PCs and servers.
Besides G. there is nothing else installed; maybe later I will want to
install Zabbix.
G. is now behind a firewall with HA-Proxy as reserver proxy.
I wonder if I shouldn't secure the server anyway, for example using UFW
or Failban.
It's always advisable to configure a tool like "fail2ban" - doing so
would allow you to automatically block attempts to brute-force login
credentials.
You will need to make sure that the fail2ban service is running on the
public-facing server. Blocking the IP address of a client machine will
otherwise have no impact if all client machines are actually your
reverse proxy from the perspective of the webapp.
Ensuring your system has a functional firewall, whether with UFW or
otherwise, should be standard practice. This has little to do with
Guacamole, particularly given that you would need to allow access to
Guacamole through your firewall anyway. This has more to do with
ensuring other services that may be running on your system are not
accessible.
- Mike
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org