Little Snitch for Linux Help

Securing the Web Interface

The Little Snitch daemon listens on a network port for browser connections. Every browser, and in fact every program, that can reach this port has full access to the user interface: it could add and remove rules, tamper with blocklists, or turn the filter off entirely.

The default: loopback only

By default, Little Snitch binds to the loopback interface (127.0.0.1) only. This limits access to processes running on the local machine. If you are the only user of your computer, this is probably sufficient and all you want.

When you need more

You need better protection if:

In these cases, require authentication. And if you require authentication, you also need encryption (TLS) for the client connection, otherwise credentials travel in the clear.

Configuration options

All access related settings live in the configuration file web_ui.toml. See Advanced Configuration for where this file lives and how to override it safely. The available options are:

The web_ui.toml file shipped with Little Snitch documents each option in detail, including the exact key names and value formats. This manual intentionally does not duplicate that reference. The file itself is always authoritative for the version you are running.

Also consider the ui_base_urls option in web_ui.toml, which adds a check against cross site request forgery.

Login screen of the web interface with authentication enabled

Logging out

If authentication is enabled, you can end your session with the logout button in the UI.

Built-in protections

Independent of your configuration, the web interface ships with several protections: failed logins trigger a hold off period and per user attempt limits to slow down brute force attacks, passwords are wiped from memory immediately after use, password checks run in a privileged helper process, and all responses carry a Content Security Policy header.


Was this help page useful? Send feedback.
© 2016-2026 by Objective Development Software GmbH