On Tue, May 30, 2017 at 10:46:59AM -0500, Ian Pilcher via FreeIPA-users wrote:
> On 05/29/2017 07:15 PM, Fraser Tweedale via FreeIPA-users wrote:
> > On Mon, May 29, 2017 at 06:26:31PM +0530, Ivars Strazdiņš wrote:
> > > I am not saying “instead of”. We are using standard authentication
> > > provided by FreeIPA, but I want to protect Web UI interface from unwanted
> > > attention as it is, unfortunately, exposed to entire internet. I’d be
> > > much happier if Apache could reject (or redirect) any client which is not
> > > presenting required certificate even before any authentication attempt is
> > > started.
> > > That is not to say that the whole server is exposed, but 443 port is.
> > >
> > Thanks for explaining.
> Maybe I'm missing something in this thread, but couldn't the OP simply
> put a reverse proxy in front of the Internet-exposed port?
What you are missing: the client tools do not support certificate