> On 2017. gada 30. maijs, at 21:16, Ian Pilcher via FreeIPA-users 
> <freeipa-users@lists.fedorahosted.org> wrote:
> On 05/29/2017 07:15 PM, Fraser Tweedale via FreeIPA-users wrote:
>> On Mon, May 29, 2017 at 06:26:31PM +0530, Ivars Strazdiņš wrote:
>>> I am not saying “instead of”. We are using standard authetication provided 
>>> by FreeIPA, but I want to protect Web UI interface from unwanted attention 
>>> as it is, unfortunately, exposed to entire internet. I’d be much happier if 
>>> Apache could reject (or redirect) any client which is not presenting 
>>> required certificate even before any authentication attempt is started.
>>> That is not to say that the whole server is exposed, but 443 port is.
>> Thanks for explaining.
> Maybe I'm missing something in this thread, but couldn't the OP simply
> put a reverse proxy in front of the Internet-exposed port?

That’s a clever hint that I will explore. Thanks!
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to