[Spacewalk-list] Filtering webui access
Michael Mraka
michael.mraka at redhat.com
Tue Aug 23 12:42:26 UTC 2011
Pierre Casenove wrote:
% Hello,
% My security department ask me to filter the HTTPS access to the webui based
% on the IPs of the administrator.
% The administrators are on a predefined subnet, but the spacewalk clients are
% on multiple subnets.
% Is it possible to filter https access (either in apache or iptables) without
% breaking YUM https communication between spacewalk server and clients?
WebUI is available under https://spacewalk/rhn/ and
https://spacewalk/network/, while clients (rhn_register, yum, etc.) go
primarily to https://spacewalk/XMLRPC/.
There is also some more interfaces for package push, ISS, etc. list of
which you can find in
/etc/rhn/satellite-httpd/conf/rhn/spacewalk-backend-*.conf (on RHEL5)
or in /etc/httpd/conf.d/zz-spacewalk-server-wsgi.conf (on RHEL6 and
Fedoras).
So you might be able to limit access in httpd via
<Location ...>
Order allow,deny
Allow from ...
Deny from ...
</Location>
I've never heard about anyone doing this so it'll be great if you
share your experience with others.
Regards,
--
Michael Mráka
Satellite Engineering, Red Hat
More information about the Spacewalk-list
mailing list