Issue with WBM Interface availability on localhost using WAGO CC100 Webinterface

Dear Community Members,

I am writing to seek assistance with a configuration issue we are facing regarding the WAGO CC100 WBM Webinterface. We are currently using our own docker images on top of the Controller, and our goal is to restrict access to the WBM interface only on the localhost address. This way, we can conveniently access the WBM interface from our docker container while preventing general access, as the web server should not listen on the general network.

To achieve this, we attempted to modify the “/etc/lighttpd/mode.conf” file by setting the “bind” option to “127.0.0.1”. The mode.conf symlink is included in “/etc/lighttpd/lighttpd.conf”. However, upon restarting the web server using “/etc/init.d/lighttpd restart”, we encountered an error message that reads as follows:

“(network.c.540) can’t bind to socket: 127.0.0.1:80: Address already in use
lighttpd: error, could not start server.”

Surprisingly, we have verified that the port 80 should be available since executing the command “netstat -tulpn” does not return any entry for “127.0.0.1:80”.

Switching back to the default binding address “0.0.0.0”, the server starts again, but remains available in the network.

We would greatly appreciate any insights or suggestions you may have to help us determine the cause of this issue and enable the desired startup of the web server. Is there anything we might be overlooking in our configuration or the startup process of the web server? Additionally, if you have any tips or troubleshooting steps that could aid us in resolving this matter, we would be grateful to hear them.

Thank you in advance for your time and assistance. We eagerly await your guidance.

Best regards,
Fabian

1 Like

Hello @Dr.Fix,
Make sure port 80 isn’t used at all:

netstat -pntle  | grep :80

You might need to kill the processes using port 80 or reboot the PLC.

Maybe the firewall would be the best option to achieve what you are trying to do?
Then you don’t need to change the lighttpd configuration.
You could probably create a “user filter” rule to enable the WBM only on the loopback address. (Never tested though.)

EDIT:
Just setting up the firewall seems to do the trick. You don’t need to create a user filter.
Disable HTTP and HTTPS on the interface in the firewall menu.
Then the WBM is accessible only “from the inside” (tested with curl within an SSH session).
If you want to globally disable the firewall from the command line (to retrieve the WBM :slight_smile:):

/etc/config-tools/firewall firewall --disable

or specifically HTTPS:

/etc/config-tools/firewall https --set-if off br0 --apply up

2 Likes
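
An added example (not part of either post, and not WAGO or lighttpd code) for the port check discussed above: on Linux, a listener on 0.0.0.0:80 also makes a bind to 127.0.0.1:80 fail with "Address already in use", although netstat never lists it as 127.0.0.1:80. The function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -tln` output (not captured from a CC100).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.17:443        0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

# classify_listeners PORT
# Reads netstat output on stdin and prints "<scope> <local address>" for each
# listening TCP socket on PORT. Scope is one of:
#   wildcard  bound to all addresses, reachable unless a firewall blocks it
#   loopback  bound to 127.0.0.0/8 or ::1, reachable only from the device
#   specific  bound to one non-loopback address
classify_listeners() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            p = parts[n]                      # port is the last ":" field
            if (p != port) next
            host = substr(addr, 1, length(addr) - length(p) - 1)
            if (host == "0.0.0.0" || host == "::" || host == "*") scope = "wildcard"
            else if (host ~ /^127\./ || host == "::1")            scope = "loopback"
            else                                                  scope = "specific"
            print scope, addr
        }'
}

# loopback_bind_blocked PORT
# Succeeds when an existing IPv4 listener already covers 127.0.0.1:PORT, so a
# second bind to that address would return "Address already in use".
loopback_bind_blocked() {
    classify_listeners "$1" | grep -Eq '^(wildcard 0\.0\.0\.0|loopback 127\.0\.0\.1):'
}

# Demo on the constructed sample; on a device use: netstat -tln | classify_listeners 80
sample_netstat | classify_listeners 80
```

With the firewall approach the web server keeps its wildcard bind, so a "wildcard" result for ports 80 and 443 means exposure depends entirely on the firewall rules staying in place.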

Hello @quenorha

I wanted to provide you with an update on the solution you suggested. After testing your approach of disabling HTTP and HTTPS in the firewall settings, the WBM interface is restricted to be accessed “only from the inside”, which aligns perfectly with our requirements and doesn’t require any lighttpd configuration changes at all. :partying_face:

Thank you for your prompt response and for pointing us in the right direction.

Best regards,
Fabian

3 Likes