Sonarr, Radarr, and other exposed to www via portaccess

#1

Hi,

i have a clean install of quickbox and encounter a risky problem for me.
Acces sonarr via mydomain.com/sonarr everythign works fine, http gets redirect to https, htacces password check and certificate is green.
But when i go to mydomain:8989 i am straight into sonarr (even on other PCs and in privat tab). Is there a way to force htaccess check there to or is my only solution to use build in auth in the applications ?

<Config>
  <Port>8989</Port>
  <UrlBase>/sonarr</UrlBase>
  <BindAddress>*</BindAddress>
  <SslPort>9898</SslPort>
  <EnableSsl>False</EnableSsl>
  <LogLevel>Info</LogLevel>
  <Branch>master</Branch>
  <LaunchBrowser>False</LaunchBrowser>
  <UpdateMechanism>BuiltIn</UpdateMechanism>
  <AnalyticsEnabled>False</AnalyticsEnabled>
  <ApiKey></ApiKey>
  <AuthenticationMethod>Forms</AuthenticationMethod>
  <SslCertHash></SslCertHash>
</Config


<Location /sonarr>
ProxyPass h t t p ://localhost:8989/sonarr
ProxyPassReverse  h t t p ://localhost:8989/sonarr
AuthType Digest
AuthName "rutorrent"
AuthUserFile '/etc/htpasswd'
Require user [USERNAME]
</Location>
#2

I tried bind sonarr to localhost or 0.0.0.0 or 127.0.0.1 without solution.