From 9457e0e58eace45b1caa7a65e99b30b3fea43e8c Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Aug 20 2024 18:44:15 +0000
Subject: proxies / ipa / api: close access to ui


Users don't need to use this and so restrict it to admins by ip for now.
Down the road we should be able to do this much better once we can set a
policy for access here.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>

---

diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.00-ipa.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.00-ipa.conf
index acb230e..b3ee591 100644
--- a/roles/httpd/reverseproxy/templates/reversepassproxy.00-ipa.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.00-ipa.conf
@@ -1,5 +1,9 @@
 ProxyPassReverseCookieDomain ipa01{{env_suffix}}.iad2.fedoraproject.org id{{env_suffix}}.fedoraproject.org
 RequestHeader edit Referer ^https://id\{{env_suffix}}\.fedoraproject\.org/ https://ipa01{{env_suffix}}.iad2.fedoraproject.org/
 
+<Proxy "*">
+  Require ip 192.173.156.2 # kevin
+</Proxy>
+
 ProxyPass {{ localpath }} {{ proxyurl }}{{remotepath}}
 ProxyPassReverse {{ localpath }} {{ proxyurl }}{{remotepath}}