Introduction
Zabbix is a powerful monitoring system often used to track server health, network devices, and services. By default, after installation, the Zabbix web interface becomes available not only locally but also from the internet, which may pose a security risk. In this article, we’ll explain how to restrict access to the Zabbix web interface so it is only available from your local network using Apache. So, how to restrict access to Zabbix from the local network only via Apache
I have this domain and now I have access to the Zabbix admin UI.
Main Steps
Zabbix is usually integrated into Apache through the config file /etc/apache2/conf-enabled/zabbix.conf, where the web UI directory is declared:
<Directory "/usr/share/zabbix/ui">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
...
</Directory>We are interested in the <Directory "/usr/share/zabbix/ui"> block, where access rules need to be modified.
Here is the updated version:
<Directory "/usr/share/zabbix/ui">
Options FollowSymLinks
AllowOverride None
Require ip 192.168.99.0/24
Require all denied
</Directory>This configuration means:
- Allow access only from IPs in the
192.168.99.0/24subnet - Deny access to everyone else
After editing the file, apply the changes by reloading Apache:
sudo systemctl reload apache2Verifying the Changes
Try opening the Zabbix interface:
- From the internet (e.g., via a public domain): you should see a
403 Forbiddenerror. - From the local network: the page should open normally.
This confirms that Apache successfully blocks external access to the Zabbix admin panel.
Conclusion
Securing Zabbix is a vital part of managing a monitoring system. Simple IP-based access restriction significantly reduces the risk of unauthorized access. This method is ideal for internal environments and test setups where Zabbix should not be exposed publicly.
