How to disable direct port access through URL

Question

So I was wondering if it's possible to block direct port access via URL. I set up my own security system with a raspberry pi and made a web page to where I can view my livestream. It uses port 8081 for stream viewing, but if I type in www.mydomain.com:8081 it just bypasses my website and goes directly to the stream. I would like to disable that. (in the future I will require username and password to access the stream). Is this possible at all? Or even if I have to redirect it to my home page that will be fine also. I've tried searching and everything is showing up as virtualhost which I don't think is what I'm looking for.

I am using apache as my webserver and motion for my surveillance system. I also have port 80 and 8081 forwarded

Answer 1

If you want to block direct access, you just have to block it through the system ( and configure Apache/Nginx to do a proxypass to the port)

Example for you:

On the terminal run the following commands so you won't be able to directly access it (but your Apache/Nginx will be able to redirect you here)

#First make the port accessible locally
iptables -A INPUT -p tcp --dport 8081 -s 127.0.0.0/8 -j ACCEPT
#Now drop request from all other sources
iptables -A INPUT -p tcp --dport 8081 -j DROP

On the Config, for Nginx would be something like this:

location /security {
    expires max;
    proxy_pass http://127.0.0.1:8081;
    auth_basic "Restricted"; # If you want Basic Auth
    auth_basic_user_file /etc/nginx/.htpasswd; # If you want Basic Auth
    }

Now you just go to www.mydomain.com/security and will have login prompted (if you use the Basic Auth), otherwise you'll get the Livestream.