Security of server for web clipper

Does the server function for web clipper expose PC to external attacks?
Is enough to set the firewall to block in/out connections from all IPs except 127.0.0.1:41184?

Could the open port 127.0.0.1:41184 be used to have access to PC?

Thanks

Hi

127.0.0.1 is the internal IP of the machine, it can’t be accessed externally (address is not routable)

Remain risk may come from a local user on the machine accessing the web clipper

Excuse me but I don’t understand. In principle, the server could be accessed through any port, right? So I thought to block external connections. I’m not an expert but reading this https://serverfault.com/questions/276963/make-apache-only-accessible-via-127-0-0-1-is-this-possible I got the doubt. Could you explain me, please?

to access a service, you access it through a port - that’s right.
but any service can bind to a dedicated network interface (and it’s related IP address)
127.0.0.1 is bound to the local loopback - that’s the internal virtual network card of the machine.
eth0/wlan0/whatever is the physical network card and has a different IP address (192.168.0.1 in your example URL)

that’s more or less what’s explained in the 1st answer

1 Like

Ok. I think I understood. Your answer means that 127.0.0.1: 41184 can't be used by external attackers because it is innately local. And what about my first question?

This should prevent external attacks through other ports, right?

No, if you block all incoming and outgoing connections, you won't have any communication to the Internet at all.
This question is also not related to Joplin and I can't give you a course in TCP/IP and networking.

What you have to know is that the web clipper is not an attack vector for external adversaries.

2 Likes