Howto Restrict Access to UMC by IP Ranges
You have exposed your UCS to the public internet for some apps (i.e. Owncloud) but you obviously want the public not being able to access the UMC.
Identify folders to restrict
ls -alh /var/www/univention lrwxrwxrwx 1 root root 46 Mär 12 17:02 login -> /usr/share/univention-management-console-login lrwxrwxrwx 1 root root 49 Mär 12 17:02 management -> /usr/share/univention-management-console-frontend lrwxrwxrwx 1 root root 28 Mär 10 11:57 portal -> /usr/share/univention-portal lrwxrwxrwx 1 root root 37 Dez 21 2017 server-overview -> /usr/share/univention-server-overview lrwxrwxrwx 1 root root 38 Mär 8 15:14 setup -> /usr/share/univention-system-setup/www lrwxrwxrwx 1 root root 42 Dez 21 2017 system-info -> /usr/share/univention-system-info/archives
The folders to restrict are “login”, “management” and “portal”.
Create the restriction file according to the identified directories from step 1 (i.e.
/var/www/univention/login/.htaccess) with the following content:
Allow from 192.168.0.0/255.255.255.0 Allow from 127.0.0.1 Deny from all
Change the above IP ranges to your needs.
Create additional files with the same content
Reload the page in your browser and according to your client IP you will be denied loading the page.