Hi Anthony,
> Hm, and is that sufficient that end users *only* see http://my.ser.ver/status
> (or whatever your choice is) URLs, and also that http://my.ser.ver/icingaweb2
> is not contactable?
Currently I don't have a test machine available, but I'm quite confident that
the following changes should replace the /icingaweb2 with /status in
/etc/httpd/conf.d/icingaweb2.conf:
[...]
Alias /status "/usr/share/icingaweb2/public"
[...]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /status/
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
</IfModule>
<IfModule !mod_rewrite.c>
DirectoryIndex error_norewrite.html
ErrorDocument 404 /status/error_norewrite.html
</IfModule>
<FilesMatch "\.php$">
SetHandler "proxy:fcgi://127.0.0.1:{{ fpm_port }}"
ErrorDocument 503 /status/error_unavailable.html
</FilesMatch>
> Basically, I'm aiming for two things together here:
>
> 1. A URL of my choosing which users need to access to view Icingaweb2
>
> 2. Blocking random requests from the Internet for /icingaweb2 to turn away
> pestering script-kiddies.
The latter is security by obscurity, though, and '/status' is not really an URL
that they wouldn't try, so changing the URL won't buy you much of a benefit.
_______________________________________________
icinga-users mailing list
icinga-users@lists.icinga.org
https://lists.icinga.org/mailman/listinfo/icinga-users
