Security
8. Security
This page controls access to the SLZB‑OS web interface and the TCP “socket” that exposes the Zigbee coordinator to Z2M/ZHA. The options below are listed exactly as they appear.
8.1 Web‑server when socket is connected
What it does: Controls whether the SLZB‑OS web UI remains available while the coordinator’s TCP socket is actively in use by Zigbee2MQTT or ZHA.
-
Enable – The web server stays accessible even when the socket is already connected (e.g., your Z2M/ZHA is using the coordinator). Useful when you want to keep configuring the device during active operation.
-
Disable – The web server is turned off whenever the socket is connected. This adds security by preventing web access while Z2M/ZHA is using the coordinator.
Recommendation:
For maximum security on production systems, choose Disable. Use Enable while commissioning or troubleshooting.
8.2 Web server authentication
What it does: Enables login protection for the SLZB‑OS web interface.
-
Enable web server authentication – Requires credentials to access the web UI.
-
Fields (shown when enabled):
-
Login – Username for web access
-
Password – Password for web access
-
Recommendation:
Keep this enabled and use a strong password.
8.3 IP whitelist for socket
What it does: Restricts which client can connect to the Zigbee TCP socket (the bridge used by Z2M/ZHA).
-
Enable IP whitelist for socket – Only the specified address can connect to the Zigbee socket.
-
Field:
-
Allowed IP – A single IP address permitted to access the socket. All other addresses are blocked.
-
-
Disable – Any device on the network can attempt to access the socket (less secure).
Recommendation:
Enable this and set Allowed IP to the host that runs Z2M/ZHA (e.g., your Home Assistant server).
8.4 Fallback Wi‑Fi AP password
What it does: Protects the fallback Wi‑Fi access point (brought up by the device in recovery/initial setup scenarios).
-
Activate password for Fallback Wi‑Fi AP – Requires a password to join the fallback AP.
Recommendation:
Enable this to prevent unauthorized local access during recovery.
8.5 Save & Operational Notes
-
After changing security options, Save/Apply and reconnect if prompted.
-
If you Disable web server when socket is connected, you may temporarily lose UI access when Z2M/ZHA is connected; disconnect the client or stop the service to regain the UI.
-
When IP whitelist for socket is enabled with a wrong IP, Z2M/ZHA will fail to connect—double‑check the Allowed IP value.