Restrict Appwrite Console

I have a Website at www.example.com and It access appwrite which is hosted on appwrite.example.com. Now anybody can see the Console when they come to the Subdomain. Can I use the Appwrite API to get documents etc but Restrict acces to Appwrite Console?

It's not because because someone would need to log in to the Console in order to do anything.

Can we Use like a VPN to Connect to the Server and Connect it under LocalHost? So authorized persons can view and Change anything and Others cant even see anything?

I don't think it's worth it but you can do whatever you want.

Keep in mind, the APIs are still there and it's the same APIs your projects use.

but if they still enter they cannot access the panel so they enter the url

One quick solution I've found for this is to use Cloudflare zero trust. Basically it's a service offered by Cloudflare for big enterprises but it's free up to 50 users, which is more the enough in most cases.

You work flow would be something like this.

1. Move your domain to Cloudflare (it's free)
2. Open Zero Trust (access) in Cloudflare (It's 100% free)
3. Make your Appwrite subdomain block in the /console endpoint only.

That's way you will have fully opened Appwrite API & realtime but enterprise grade secured console.

As a reminder active Appwrite server has (not all) these endpoints

• appwrite.example.com/v1 - API endpoint
• appwrite.example.com/console - Console endpoint
• appwrite.example.com//v1/realtime - Realtime endpoint
• appwrite.example.com/login | signup etc - Console user management endpoints

And although you won't be able to block the console user management endpoints because doing so you will also block your API. but blocking the console would be a great solution for 99.99% of the time

Why is it not possible to set the console url path in the conf file and then docker compose up that change into appwrite, so that the console would be no longer on the default /console path, but whatever was defined in the conf file, like /jdbwljeowncj for instace? WordPress has got plugins to hide the default wp-admin login page. Why not Appwrite also?

1. it might be difficult to get the Console (a single page app) to work correctly after changing the path
2. Most of the APIs used in the Console are the same APIs used by any other project so you can't really block them.

1. If the app can work at /console, it can work at any path, the console frontends source code just needs to be adjusted to be able to dynamically obtain the path from somewhere, not have it hardcoded into itself.
2. I don't really understand the second issue. The login to the console is installation-based, not project based. Each project does not have a unique console path, all projects are managed from under a single login. So how is this an issue?

I don't want to clutter this thread more. Feel free to create a new <#1072905050399191082> post