On 05/29/2017 07:15 PM, Fraser Tweedale via FreeIPA-users wrote:
On Mon, May 29, 2017 at 06:26:31PM +0530, Ivars Strazdiņš wrote:
I am not saying “instead of”. We are using standard authetication provided by
FreeIPA, but I want to protect Web UI interface from unwanted attention as it
is, unfortunately, exposed to entire internet. I’d be much happier if Apache
could reject (or redirect) any client which is not presenting required
certificate even before any authentication attempt is started.
That is not to say that the whole server is exposed, but 443 port is.
Thanks for explaining.
Maybe I'm missing something in this thread, but couldn't the OP simply
put a reverse proxy in front of the Internet-exposed port?
Ian Pilcher arequip...@gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
FreeIPA-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org