How-to: Restrict Access to UMC by IP-Ranges

You have exposed your UCS to the public internet for some apps (e.g. ownCloud), but you do not want the public to be able to access the UMC.

Step 1

Identify folders to restrict

ls -alh /var/www/univention
lrwxrwxrwx 1 root root 46 Mär 12 17:02 login -> /usr/share/univention-management-console-login
lrwxrwxrwx 1 root root 49 Mär 12 17:02 management -> /usr/share/univention-management-console-frontend 
lrwxrwxrwx 1 root root 28 Mär 10 11:57 portal -> /usr/share/univention-portal 
lrwxrwxrwx 1 root root 37 Dez 21 2017 server-overview -> /usr/share/univention-server-overview 
lrwxrwxrwx 1 root root 38 Mär 8 15:14 setup -> /usr/share/univention-system-setup/www 
lrwxrwxrwx 1 root root 42 Dez 21 2017 system-info -> /usr/share/univention-system-info/archives

The folders to restrict are “login”, “management” and “portal”.

Step 2

Create a restriction file in each of the directories identified in step 1 (e.g. /var/www/univention/login/.htaccess) with the following content:

Allow from 192.168.0.0/255.255.255.0
Allow from 127.0.0.1
Deny from all

Change the above IP ranges to your needs.

Step 3

Create additional files with the same content:
/var/www/univention/management/.htaccess
/var/www/univention/portal/.htaccess

Step 4

Reload the page in your browser; depending on your client IP, loading the page will be denied.
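
To preview which clients the file from Step 2 admits before relying on a browser reload, the following added example (not part of the original post) evaluates its three directives the way Apache's mod_access_compat does under its default `Order Deny,Allow`. The function names and the sample client addresses are assumptions made for illustration; only single IPs, CIDR or network/netmask ranges and `all` are handled.

```python
import ipaddress

# Restriction file from Step 2, embedded so the example runs offline.
HTACCESS = """\
Allow from 192.168.0.0/255.255.255.0
Allow from 127.0.0.1
Deny from all
"""

def to_networks(spec):
    """Turn one Allow/Deny argument into a list of networks."""
    if spec.lower() == "all":
        return [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
    # Accepts a single IP, CIDR, or network/netmask as used in Step 2.
    return [ipaddress.ip_network(spec, strict=False)]

def parse_rules(text):
    """Return (allow, deny) network lists from 'Allow from' / 'Deny from' lines."""
    rules = {"allow": [], "deny": []}
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        kind = words[0].lower()
        if kind not in rules or len(words) < 3 or words[1].lower() != "from":
            raise ValueError(f"unsupported directive: {line!r}")
        for spec in words[2:]:
            rules[kind].extend(to_networks(spec))
    return rules["allow"], rules["deny"]

def is_allowed(client_ip, allow, deny):
    """Default 'Order Deny,Allow': a matching Allow overrides a matching Deny,
    and a client matching neither list is allowed."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in allow):
        return True
    return not any(ip in net for net in deny)

if __name__ == "__main__":
    allow, deny = parse_rules(HTACCESS)
    # Constructed sample client addresses.
    for client in ("192.168.0.17", "127.0.0.1", "192.168.1.5", "203.0.113.9"):
        verdict = "allowed" if is_allowed(client, allow, deny) else "denied"
        print(f"{client:15} {verdict}")
```

Dropping the `Deny from all` line leaves every client allowed, because under this order a client that matches no directive is admitted.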