Entrepreneur AJ via FreeIPA-users wrote: > Hey all, > I have a wan facing install due to many of my team operating with mobile > phone hotspots whilst visiting customers. > An Issue I'm having is I want to restrict the GUI to only our admin team's IP > address but editing the Apache Config with; > # webUI is now completely static, and served out of that directory > Alias /ipa/ui "/usr/share/ipa/ui" > <Directory "/usr/share/ipa/ui"> > SetHandler None > AllowOverride None > Satisfy Any > Require all granted > ExpiresActive On > ExpiresDefault "access plus 1 year" > <FilesMatch "(index.html|loader.js|login.html|reset_password.html)"> > ExpiresDefault "access plus 0 seconds" > </FilesMatch> > Order allow,deny > Allow from <ADMIN IP RANGE> > </Directory> > Is still allowing anyone with a browser to reach the IPA gui. > We have Keycloak in place for staff and users to update their passwords. > Any pointers? I would personally prefer to firewall it off but that effects > other IPA features.
Use Require instead of Allow/Order. See https://httpd.apache.org/docs/2.4/howto/access.html rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
