Hey all,
I have a wan facing install due to many of my team operating with mobile phone
hotspots whilst visiting customers.
An Issue I'm having is I want to restrict the GUI to only our admin team's IP
address but editing the Apache Config with;
# webUI is now completely static, and served out of that directory
Alias /ipa/ui "/usr/share/ipa/ui"
<Directory "/usr/share/ipa/ui">
SetHandler None
AllowOverride None
Satisfy Any
Require all granted
ExpiresActive On
ExpiresDefault "access plus 1 year"
<FilesMatch "(index.html|loader.js|login.html|reset_password.html)">
ExpiresDefault "access plus 0 seconds"
</FilesMatch>
Order allow,deny
Allow from <ADMIN IP RANGE>
</Directory>
Is still allowing anyone with a browser to reach the IPA gui.
We have Keycloak in place for staff and users to update their passwords.
Any pointers? I would personally prefer to firewall it off but that effects
other IPA features.
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
[Freeipa-users] Limiting access to GUI
Entrepreneur AJ via FreeIPA-users Mon, 17 Oct 2022 04:20:19 -0700
- [Freeipa-users] Limiting access to GUI Entrepreneur AJ via FreeIPA-users
- [Freeipa-users] Re: Limiting access... Rob Crittenden via FreeIPA-users
- [Freeipa-users] Re: Limiting ac... Entrepreneur AJ via FreeIPA-users
- [Freeipa-users] Re: Limitin... Rob Crittenden via FreeIPA-users
- [Freeipa-users] Re: Lim... Entrepreneur AJ via FreeIPA-users
- [Freeipa-users] Re: Lim... Entrepreneur AJ via FreeIPA-users
