Looking to see if there is a way to secure our self hosted n8n instance. Our team is trying to allow webhook access to the platform, but disable access to the administrative side of n8n. Looking through past forum posts I’m seeing that administration for n8n uses port 5678 but my understanding is that webhooks also use this port to access n8n. Is there a way to split webhook access to a different port so we can grant access to just the UI within a specific network?
I am not sure how well it would work but this is something you would need to handle at the network layer.
You don’t need to split the ports instead you could do it from uri routes and allow everyone access to /webhook/ and set a rule on everything else.
You could look at queue mode as well which may be a better solution, part of the setup is to create an instance that only handles webhooks you can then only allow the routing for that host and restrict everything else.