On 05/29/2017 07:15 PM, Fraser Tweedale via FreeIPA-users wrote:
On Mon, May 29, 2017 at 06:26:31PM +0530, Ivars Strazdiņš wrote:
> I am not saying “instead of”. We are using standard authetication provided by
FreeIPA, but I want to protect Web UI interface from unwanted attention as it is,
unfortunately, exposed to entire internet. I’d be much happier if Apache could reject (or
redirect) any client which is not presenting required certificate even before any
authentication attempt is started.
> That is not to say that the whole server is exposed, but 443 port is.
>
Thanks for explaining.
Maybe I'm missing something in this thread, but couldn't the OP simply
put a reverse proxy in front of the Internet-exposed port?
--
========================================================================
Ian Pilcher arequipeno(a)gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================