On 05/29/2017 07:15 PM, Fraser Tweedale via FreeIPA-users wrote:
On Mon, May 29, 2017 at 06:26:31PM +0530, Ivars Strazdiņš wrote:
I am not saying “instead of”. We are using standard authetication provided by 
FreeIPA, but I want to protect Web UI interface from unwanted attention as it 
is, unfortunately, exposed to entire internet. I’d be much happier if Apache 
could reject (or redirect) any client which is not presenting required 
certificate even before any authentication attempt is started.
That is not to say that the whole server is exposed, but 443 port is.

Thanks for explaining.

Maybe I'm missing something in this thread, but couldn't the OP simply
put a reverse proxy in front of the Internet-exposed port?

Ian Pilcher                                         arequip...@gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to