Differentiate MFA between LAN and WAN

Is it possible to have MFA when connecting to the server from WAN, but not when connecting from LAN ?
The questions have been asked on this forum before, but didn’t receive a valid answer.
The best solution i.m.h.o. would be the have 2 listening ports, one with MFA and one without.

The answer set up two different profiles is’n usefull, the unprotected profile would still be available to the internet which is what you want to avoid.

I don’t know of a method to configure MFA in a reverse proxy, that might also be a solution, but it would require home-assistant to be an auth provider ?

The two profile option could still be an option if you check the non-MFA user as “Can only log in from the local network” ?

OK, correct. Didn’t know that was an option.
I’ll go with that solution