Hi, Here is what I've done: https://www.redhat.com/archives/spacewalk-list/2011-August/msg00223.html
Pierre 2012/6/7 Scott Worthington <[email protected]>: > On 6/7/2012 11:18 AM, Jeremy Maes wrote: >> Hey Spacewalk users >> >> I'm new to the list but have been testing Spacewalk since version 1.3. >> Recently made a clean installation of 1.7 to start using in production, but >> I have a question about the webinterface. >> >> First a little overview of out current situation: >> I have Spacewalk 1.7 installed on PostgreSQL, on a CentOS 6.2 server. The >> Spacewalk server itself is in our DMZ because it needs to be accessible by >> our other servers at over 200 remote sites. >> Now I would very much like to close off the access to the webinterface for >> the outside world, and only make it available for access from our internal >> IP's. >> >> I know this is something that is probably possible through customizing the >> apache config, but there's 2 things holding me back from trying it out as of >> yet: >> >> * I'm not really sure which of the config files to change, and where I'd >> have to put the change(s). >> * Will my remote servers still be able to send and receive updates, >> register if needed, etc... if I shut down the webinterface for external >> hosts? It is my perception that almost all communication runs over http(s) >> through webservices hosted by apache and I'm afraid of closing those off >> too. Is it possible to selectively shut off access to only the webUI but not >> the rest? >> >> Any pointers or tips would be really appreciated! >> >> Regards, >> Jeremy > > Have you considered using iptables on the Spacwalk server to limit ports 80 > and 443 (and other ports for Spacewalk) to your internal IP addresses? > > Or perhaps just limit all initial inbound communication to your Spacewalk > server to your internal IP addresses in iptables. > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
