[Spacewalk-list] Filtering webui access

Matt Moldvan mmoldvan at dcctools.com
Wed Aug 24 18:27:43 UTC 2011


If all else fails, a simple IPTables rule could do this also, or even complement the Allow From rules.

Regards,
Matt.
________________________________________
From: spacewalk-list-bounces at redhat.com [spacewalk-list-bounces at redhat.com] on behalf of Michael Mraka [michael.mraka at redhat.com]
Sent: Tuesday, August 23, 2011 8:42 AM
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] Filtering webui access

Pierre Casenove wrote:
% Hello,
% My security department asks me to filter the HTTPS access to the webui based
% on the IPs of the administrator.
% The administrators are on a predefined subnet, but the spacewalk clients are
% on multiple subnets.
% Is it possible to filter https access (either in apache or iptables) without
% breaking YUM https communication between spacewalk server and clients?

WebUI is available under https://spacewalk/rhn/ and
https://spacewalk/network/, while clients (rhn_register, yum, etc.) go
primarily to https://spacewalk/XMLRPC/.

There are also some more interfaces for package push, ISS, etc., a list of
which you can find in
/etc/rhn/satellite-httpd/conf/rhn/spacewalk-backend-*.conf (on RHEL5)
or in /etc/httpd/conf.d/zz-spacewalk-server-wsgi.conf (on RHEL6 and
Fedoras).

So you might be able to limit access in httpd via

<Location ...>
    Order allow,deny
    Allow from ...
    Deny from ...
</Location>

I've never heard about anyone doing this, so it'll be great if you
share your experience with others.

Regards,

--
Michael Mráka
Satellite Engineering, Red Hat

_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list
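
A filled-in form of the `<Location>` approach suggested in the quoted reply, as an added example that is not part of the original thread. It assumes the Apache 2.2 directives used above, a placeholder administrator subnet of 192.0.2.0/24, and only the two WebUI paths named in the message.

```apache
# Added example, not from the thread. Apache 2.2 syntax (mod_authz_host),
# matching the Order/Allow/Deny directives quoted above.
# 192.0.2.0/24 is a placeholder for the administrators' subnet.

# WebUI paths named in the thread: restrict to the admin subnet.
<Location /rhn>
    # "allow,deny": a request matching no Allow line is denied by default.
    # Do not add "Deny from all" here; with this Order, Deny wins over
    # Allow and would lock out the administrators as well.
    Order allow,deny
    Allow from 192.0.2.0/24
</Location>

<Location /network>
    Order allow,deny
    Allow from 192.0.2.0/24
</Location>

# /XMLRPC and the other backend interfaces get no extra restriction,
# so clients on every subnet keep working.
```

Allow from matches the address of the TCP peer, so behind a reverse proxy or NAT it sees that device's address rather than the administrator's. After reloading httpd, a request for /rhn/ from outside the subnet should return 403 while registration and yum traffic to /XMLRPC/ still succeeds.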



