Make UCS management only local accessible

raceface2nd · November 22, 2018, 1:34pm

Hi,

I am trying to make the UCS management only accessible for local IP adresses or logged in administrators.

As first I added the group “Administrators” to the portal entries “umc-local” and “umc-domain” to make the button for system and domain settings in the portal only visible to all users in this group. But this made the button disappear completely even if users in the group “Administrators” are logged in or not.

So this solution is not working actually.

The second was to allow access to the URLs /univention/portal/ and /univention/management/ only from the LAN IP range. In /etc/apache2/ucs-sites.conf.d/univention-portal.conf I added the following which works well in controlling the access to the URL /univention/portal/

	Order Deny,Allow
	Deny from all
	Allow from 192.168.178.0/24

Adding a conf file with the following content forced trouble to the management console in loading modules.

<Directory /var/www/univention/management/>
	Order Deny,Allow
	Deny from all
	Allow from 192.168.178.0/24
	Allow from 127.0.0.1
</Directory>

How can I allow access to /univention/management/ to LAN IP addresses only?

Best!

Andy

Moritz_Bunkus · November 22, 2018, 4:36pm

Hey,

this has been discussed in the following article:

Replace the /univention/ location with /univention/portal/ and duplicate the whole block for /univention/management. Replace the listed IP address with your network’s address, of course.

Kind regards
mosu

raceface2nd · November 22, 2018, 7:14pm

Thx Moritz,

after having the same situation that the restriction of the portal was working like expected but not for /univention/management/ I found out that for the management site I had to remove the trailing slash.

Cheers!

Andy