Kudos again to @Moritz_Bunkus
How can we restrict access to /univention only to local networks?
Our UCS server by default offers some services to the public Internet and is accessible through Port 80/443. When adding “/univention” to the URL anyone can access the UMC.
To restrict access simply use Apache internal access control:
ALLOW access to local networks
DENY for all others
Create a file name
/etc/apache2/conf-available/umc-access.conf whith the following content:
<Location /univention/> Require ip 192.168.0.0/24 # put your local network address range here Require all denied </Location>
Then enable this file and restart Apache:
a2enconf umc-access systemctl restart apache2