17.2. Access over Internet

17.2. Access over Internet
Prev	Chapter 17. Security	Next

Take extra care when SavaPage is accessible over public Internet, as a result of enabled Internet Print or explicit WAN to LAN routing, since authentication falls back to global defaults for User Authentication. At least make sure that access to the Admin Web App is solidly secured.

Internet access to each Web App can be restricted with configuration properties in the table below:

Configuration property	Description
webapp.internet.enable	Set to `Y` (default) or `N` to enable/disable Internet access for all Web Apps.
webapp.internet..enable = admin \| jobtickets \| mailtickets \| payment \| pos \| printsite \| user	Set to `Y` (default) or `N` to enable/disable Internet access for a specific Web App.
webapp.internet..auth-mode.enable = admin \| jobtickets \| mailtickets \| payment \| pos \| printsite \| user	Set to `Y` or `N` (default) to enable/disable webapp.internet.*.auth-modes for a specific Web App. Note: if webapp.internet.admin.auth-mode.enable = `Y`, then user `admin` is not allowed to login to Admin WebApp via Internet.
webapp.internet..auth-modes = admin \| jobtickets \| mailtickets \| payment \| pos \| printsite \| user	A comma-separated list of authentication methods (`name`, `email`, `id`, `nfc-local`, `yubikey`, `oauth`) for a specific Web App. The first in the list is the default method.

Table 17.1. Web App Internet Access Configuration Properties

See Section 4.11.14, “Config Editor” on how to set these items.

Note

Exceptions to these generic restrictions can be configured by creating a Terminal Device for each trusted client IP address and configure Custom User Login methods.