DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Management via Domain Name Only

23 Aug 2018 16:01 #1 by dazeck
Management via Domain Name Only was created by dazeck
Is it possible to restrict the management from the Internet so it is just accessed by the domain name, i.e. if someone enters https://1.2.3.4/ it doesn't work, but if someone enters https://mydymanicdns.entry (which resolves to 1.2.3.4) it does work?

26 Aug 2018 07:14 #2 by bookit
Replied by bookit on topic Re: Management via Domain Name Only
I don't believe this is possible, as name resolution will happen at the client; the router has no idea how the IP address was resolved.

26 Aug 2018 10:50 #3 by ccarmock
Replied by ccarmock on topic Re: Management via Domain Name Only
In theory it could be done if the router would only respond to a certain 'host header' in the web request, i.e. a variant of how web servers can respond with different web sites depending on the hostname used to reach them in the address, rather than the IP address itself. This would require DrayTek changing the way the internal web server works in the router.

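The Host-header check ccarmock describes, sketched as an added example (not code from this thread or from DrayTek firmware). `router.example`, `host_allowed` and `ManagementHandler` are hypothetical names, and plain HTTP on localhost stands in for the router's HTTPS listener; the demo also shows that the port still accepts connections whichever name is used.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

ALLOWED_HOSTS = {"router.example"}  # assumption: hypothetical management name

def host_allowed(host_header, allowed=ALLOWED_HOSTS):
    """True only if the Host header carries an allowed name (port ignored)."""
    host = (host_header or "").strip().lower().rsplit(":", 1)[0]
    return host.rstrip(".") in allowed

class ManagementHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        if not host_allowed(self.headers.get("Host")):
            # Refused at the HTTP layer, after the connection was accepted.
            self.send_error(404)
            return
        body = b"management login page (placeholder)\n"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def probe(port, host_header):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.putrequest("GET", "/", skip_host=True)
    conn.putheader("Host", host_header)
    conn.endheaders()
    status = conn.getresponse().status
    conn.close()
    return status

def demo():
    with ThreadingHTTPServer(("127.0.0.1", 0), ManagementHandler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        port = server.server_address[1]
        try:
            # A port scan only needs the TCP handshake, which succeeds anyway.
            socket.create_connection(("127.0.0.1", port), timeout=5).close()
            return {"port_open": True, "by_ip": probe(port, "127.0.0.1"),
                    "by_name": probe(port, "router.example")}
        finally:
            server.shutdown()

if __name__ == "__main__":
    print(demo())
```

Over HTTPS the server's certificate is sent during the TLS handshake, before any Host header arrives, so a scanner connecting by IP address still sees the listener and the certificate it presents.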

29 Aug 2018 11:20 #4 by admin
Replied by admin on topic Re: Management via Domain Name Only
Why would you want to do this? If it's to increase security, it wouldn't be very effective.



Forum Administrator

29 Aug 2018 11:53 #5 by dazeck
Replied by dazeck on topic Re: Management via Domain Name Only

admin wrote: Why would you want to do this? If it's to increase security, it wouldn't be very effective.



We are failing PCIS compliance due to it being a self-signed certificate. I give the IP address to the security company for them to scan; if it could show as closed unless accessed by a DNS name, then I can still remotely access myself whilst satisfying the scan. However, no longer needed as I have gone down the route of VPN'ing in now, as I can do this from my phone as well.

29 Aug 2018 18:10 #6 by admin
Replied by admin on topic Re: Management via Domain Name Only
Well, I think that would probably mask the open port from their tests and you might then pass, but it's fooling the test and there's probably some rule about that. Any hacker could submit the same credentials if they use the URL, which is published on the DNS obviously - that's not as unlikely as you think as many servers will give different responses depending on the URL submitted so hackers won't just try raw IP addresses.

However, the answer's no anyway - there's no way for the Vigor to check/respond based on DNS. You can get certificates for varying costs... here's even one for 'free' but I've got no idea if it's compatible with the Vigor... and you may get what you pay for: http://www.cacert.org/



Forum Administrator
