Is there a way to secure Matomo admin page?

[jrca025]

We want to secure the Matomo admin page so it is not accessible publicly. As per checking, all admin pages is located in 10.1.0.2/index.php. Basically we want to put Cloudflare Access/Tunnel on this specific path while still keeping the main IP 10.1.0.2 still open to public for tracking requests

[bx80]

Hi @jrca025, thanks for reaching out.

As you've identified the admin page functions do not have a separate URL or page so they can't be restricted by simple path.
Depending on the options available to you for creating access rules, it may be possible to restrict access to 10.1.02/index.php?module=CoreAdminHome which is the module containing the administration functions.

[jrca025]

@bx80 do you have any guides/doc for use-case like this?

[MatomoForumNotifications]

This issue has been mentioned on Matomo forums. There might be relevant details there:

https://forum.matomo.org/t/is-there-a-way-to-secure-the-matomo-admin-page/47448/2

[bx80]

Unfortunately this is very much dependent on the service you use to do the blocking, Cloudflare have a number of different products so it would be best to refer to their documentation at https://developers.cloudflare.com/