Please elaborate why do you want to turn off webvault. I guess you want to secure it that way, but turning web vault off is not a security measure. You vaultwarden is still accessible on the same port trough the internet. You will just see 404: Not Found in a browser when you try to visit your web vault. Nonetheless your Vaultwarden is still there. How else could you connect from you iOS if there will be not any? Turning off just a web page IS NOT a security measure. However consider solutions below:
-
Whitelist on firewall or reverse proxy to allow only trusted IPs, example only from your own country.
-
Deploy Wireguard VPN and access Vaultwarden from internal network only.
-
Configure Fail2Ban to prevent access from anyone after X failed login attempts from his IP address.
-
Use Knock.d - https://linux.die.net/man/1/knockd - you can keep all your ports closed, but knock.d will add dynamically a firewall rule to allow the connection after receiving proper combination of packets you define. It is really an aweosome tool. It allows to access any services only on demand securely.
-
Configure 2FA for all accounts
-
Dissallow sign ups
Please also check and read my comment in this post: