DMZ needed for web monitoring app?

I am reconfing some currently external web apps to run on my home server and among them is Matomo, which is a website monitor and visit counter. ( Other applications that fall in the same category would be Google Analytics and Statcounter.)

I may also be adding another app, should Matomo not have that functionality, to monitor website uptime via ICMP and HTTP ping. Possibly Uptime-Kuma. Just to gather uptime stats, basically.

None of the above would be open to the web, afaik, so my first reaction is I do not need put these in DMZ, but since I want a safe network, I figure I better ask you about it.

Do I need to put those in a DMZ?

My view would be that if nothing is going to access those apps from the internet then it shouldn’t be a problem to have them in the green network.

The main thing that the DMZ is used for is web servers, mail servers etc that need to be accessed from the internet and where you want to ensure that if a hacker finds a bug in one of those applications they can’t use it to access the whole of your green lan systems.

I also use the DMZ for IOT systems such as my Television, BluRay player, Smart Thermostat… so they can access the internet for updates to their software but can’t do anything bad with my green lan systems if there turns out to be a bug in the software/firmware for those IOT systems.

3 Likes

Thanks Adolf. I suspected as much, but it is nice to have some feedback and input from someone with more experience.

I will try to find out a bit more about the apps, some have this “talkback” functionality or feature that effectively enables two way communication, which is what I would like to avoid.