If all else fails a simple IPTables rule could do this also, or even complement the Allow From rules.
Regards, Matt. ________________________________________ From: [email protected] [[email protected]] on behalf of Michael Mraka [[email protected]] Sent: Tuesday, August 23, 2011 8:42 AM To: [email protected] Subject: Re: [Spacewalk-list] Filtering webui access Pierre Casenove wrote: % Hello, % My security department ask me to filter the HTTPS access to the webui based % on the IPs of the administrator. % The administrators are on a predefined subnet, but the spacewalk clients are % on multiple subnets. % Is it possible to filter https access (either in apache or iptables) without % breaking YUM https communication between spacewalk server and clients? WebUI is available under https://spacewalk/rhn/ and https://spacewalk/network/, while clients (rhn_register, yum, etc.) go primarily to https://spacewalk/XMLRPC/. There is also some more interfaces for package push, ISS, etc. list of which you can find in /etc/rhn/satellite-httpd/conf/rhn/spacewalk-backend-*.conf (on RHEL5) or in /etc/httpd/conf.d/zz-spacewalk-server-wsgi.conf (on RHEL6 and Fedoras). So you might be able to limit access in httpd via <Location ...> Order allow,deny Allow from ... Deny from ... </Location> I've never heard about anyone doing this so it'll be great if you share your experience with others. Regards, -- Michael Mráka Satellite Engineering, Red Hat _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
