Hey all,
I have a wan facing install due to many of my team operating with mobile phone hotspots
whilst visiting customers.
An Issue I'm having is I want to restrict the GUI to only our admin team's IP
address but editing the Apache Config with;
# webUI is now completely static, and served out of that directory
Alias /ipa/ui "/usr/share/ipa/ui"
<Directory "/usr/share/ipa/ui">
SetHandler None
AllowOverride None
Satisfy Any
Require all granted
ExpiresActive On
ExpiresDefault "access plus 1 year"
<FilesMatch "(index.html|loader.js|login.html|reset_password.html)">
ExpiresDefault "access plus 0 seconds"
</FilesMatch>
Order allow,deny
Allow from <ADMIN IP RANGE>
</Directory>
Is still allowing anyone with a browser to reach the IPA gui.
We have Keycloak in place for staff and users to update their passwords.
Any pointers? I would personally prefer to firewall it off but that effects other IPA
features.