Topic: Block all web services except EAS
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.2
- Deployed with iRedMail Easy or the downloadable installer? DOwnload
- Linux/BSD distribution name and version: CentOS 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
In order to minimize the attack surface of my mail server, I want to block all web interfaces/services, EXCEPT for EAS.
My firewall can block at the port level only (so I have to forward port 443 to enable EAS). But that means webmail, CALDAV, CARDAV, are all exposed to the internet. My firewall does not have any DPI/URL parsing capabilities.
Is there a way to block everything but the EAS service to the internet? (I'm new to NGINX but perhaps the answer lies as that level)
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.