> On 2017. gada 30. maijs, at 21:16, Ian Pilcher via FreeIPA-users > <freeipa-users@lists.fedorahosted.org> wrote: > > On 05/29/2017 07:15 PM, Fraser Tweedale via FreeIPA-users wrote: >> On Mon, May 29, 2017 at 06:26:31PM +0530, Ivars Strazdiņš wrote: >>> I am not saying “instead of”. We are using standard authetication provided >>> by FreeIPA, but I want to protect Web UI interface from unwanted attention >>> as it is, unfortunately, exposed to entire internet. I’d be much happier if >>> Apache could reject (or redirect) any client which is not presenting >>> required certificate even before any authentication attempt is started. >>> That is not to say that the whole server is exposed, but 443 port is. >>> >> Thanks for explaining. > > Maybe I'm missing something in this thread, but couldn't the OP simply > put a reverse proxy in front of the Internet-exposed port?
That’s a clever hint that I will explore. Thanks! Ivars _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org