Hi, I’m working on improving the security of my home server.
I want to use the Bitwarden app and the Chrome/Firefox extensions outside my LAN, but I don’t need Web Vault at all. How do I block access to Web Vault from outside the LAN in the Caddyfile?

pass.my-domain {
    @block_webvault_outside {
        not remote_ip 192.168.1.0/24 10.8.0.0/24
        
        # What should be there?
        # path /admin* will lock only admin options
    }

    respond @block_webvault_outside 403
    reverse_proxy vaultwarden:80
}
  • relaymoth@sh.itjust.worksEnglish
    3·
    21 days ago

    If you’re deploying Vaultwarden via docker, there’s an ENV to disable web vault

    WEB_VAULT_ENABLED=true

    Set to false and redeploy.

      • relaymoth@sh.itjust.worksEnglish
        1·
        21 days ago

        You’re right.

        If you login to Vaultwarden and access the Web vault, is there a path like /admin you can add to your blocked paths config?