Disallow Access to /univention from Internet

umc
apache
internet
access

#1

Kudos again to @Moritz_Bunkus

Question

How can we restrict access to /univention only to local networks?
Our UCS server by default offers some services to the public Internet and is accessible through Port 80/443. When adding “/univention” to the URL anyone can access the UMC.

Answer

To restrict access simply use Apache internal access control:

ALLOW access to local networks
DENY for all others

Create a file name /etc/apache2/conf-available/umc-access.conf whith the following content:

<Location /univention/>
  Require ip 192.168.0.0/24 # put your local network address range here
  Require all denied
</Location>

Then enable this file and restart Apache:

a2enconf umc-access
systemctl restart apache2

#2