diff --git a/CloudronManifest.json b/CloudronManifest.json
index f159d65..456878b 100644
--- a/CloudronManifest.json
+++ b/CloudronManifest.json
@@ -17,6 +17,10 @@
       "localDir": "/data"
     }
   },
+  "accessRestriction": {
+    "users": true,
+    "defaultValue": "internal"
+  },
   "tags": [
     "elasticsearch",
     "search",
@@ -25,7 +29,7 @@
   ],
   "minBoxVersion": "7.0.0",
   "memoryLimit": 4294967296,
-  "postInstallMessage": "Elasticsearch is now installed and available for internal use only.\n\nConnection Information:\n- REST API: ```http://IPADDRESS:9200``` (from within other Cloudron apps)\n- Transport Protocol: port ```9300``` (for Elasticsearch clients)\n\nAuthentication:\n- Username: ```elastic```\n- Password: A secure random password has been generated and stored in ```/app/data/credentials.txt```.\n\nThe password can be retrieved from:\n1. The app logs\n2. By accessing the app container\n3. The file at ```/app/data/credentials.txt```\n\n### Important: Creating Indices\nBefore using Elasticsearch with applications like NextCloud, you need to create the necessary indices.\n\nFor NextCloud FullTextSearch:\n```\ncurl -X PUT \"http://elastic:PASSWORD@IPADDRESS:9200/nextcloud\" -H 'Content-Type: application/json' -d'\n{\n  \"settings\": {\n    \"index\": {\n      \"number_of_shards\": 1,\n      \"number_of_replicas\": 0,\n      \"refresh_interval\": \"10s\"\n    }\n  }\n}\n'\n```\nReplace PASSWORD with your elastic user password and IPADDRESS with the Elasticsearch container's IP address.\n\nNote: SSL is disabled for HTTP connections for compatibility with most client applications.",
+  "postInstallMessage": "Elasticsearch is now installed and available for internal use only.\n\nConnection Information:\n- REST API: ```http://IPADDRESS:9200``` (from within other Cloudron apps)\n- Transport Protocol: port ```9300``` (for Elasticsearch clients)\n\nAuthentication:\n- Username: ```elastic```\n- Password: A secure random password has been generated and stored in ```/app/data/credentials.txt```.\n\nThe password can be retrieved from:\n1. The app logs\n2. By accessing the app container\n3. The file at ```/app/data/credentials.txt```\n\nThe IP Address can be retrieved from the app logs\n\n### Important: Creating Indices\nBefore using Elasticsearch with applications like NextCloud, you need to create the necessary indices.\n\nFor NextCloud FullTextSearch (run for example within the NextCloud Apps Terminal):\n```\ncurl -X PUT \"http://elastic:PASSWORD@IPADDRESS:9200/nextcloud\" -H 'Content-Type: application/json' -d'\n{\n  \"settings\": {\n    \"index\": {\n      \"number_of_shards\": 1,\n      \"number_of_replicas\": 0,\n      \"refresh_interval\": \"10s\"\n    }\n  }\n}\n'\n```\nReplace PASSWORD with your elastic user password and IPADDRESS with the Elasticsearch container's IP address.\n\nNote: SSL is disabled for HTTP connections for compatibility with most client applications.",
   "multiDomain": false,
   "tcpPorts": {
     "9300": {
diff --git a/README.md b/README.md
index e18302b..086b480 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@ This package provides Elasticsearch for Cloudron, configured for internal use on
 - Elasticsearch 8.17.3
 - Single-node configuration optimized for Cloudron
 - Security enabled with basic authentication
-- Internal access only
+- Internal access only by default (not publicly exposed)
 - Automatic optimization based on container resources
 
 ## Usage
@@ -71,6 +71,8 @@ You can get the IP address from the Cloudron admin panel or by using the `cloudr
 
 ## Security Notes
 
+- The app is configured as internal-only by default, so it's not exposed to the public internet
+- If you need external access, you can configure access restrictions in the Cloudron admin panel
 - HTTP SSL is disabled for compatibility with most client applications
 - Transport protocol is secured with internal certificates
 - Authentication is required for all operations
@@ -86,7 +88,7 @@ The package automatically configures Elasticsearch based on the container's avai
 
 ## Limitations
 
-- This package is for internal use only and is not exposed to the web
+- This package is for internal use only and is not exposed to the web by default
 - It's configured as a single-node cluster for simplicity
 - Memory usage scales with container limits set in Cloudron