[SOLVED] Restrict access to index.pl based on IP-address

[bitos]

Our OTRS installation is accessible publicly.
I'd like to restrict the agent web interface (index.pl) based on IP-address, so only our internal LAN can access the page, while the customers.pl page stays available to the public.

I have done this for another application that we use by adding this to httpd.conf

Code: Select all

<location /dynamic/admin>
    Order Deny,Allow
    Deny from all
    Allow from 127
    Allow from 192.168.0.0/24
</location>

So I thought I'd do the same for OTRS.
This should be pretty straightforward, but I can't seem to get it to work...

I tried to use the different <Directory>, <Location> and <Files> directives in /etc/httpd/conf/httpd.conf

And also tried to add the following to the <Directory "/opt/otrs/bin/cgi-bin/"> directive in /opt/otrs/scripts/apache2-httpd.include.conf

Code: Select all

    <Files "index.pl">
        Order Deny,Allow
        Deny from all
        Allow from 127
        Allow from 192.168.0.0/24
    </Files>

But still no dice.
Any help? Thanks!

[root]

Code: Select all

<Location /otrs/index.pl>

is the key. But you should check if the is no

Code: Select all

Allow from all

after this setting. I recommend to place the IP based restriction in /etc/httpd/conf.d/zzzzz_restrict_access.conf (You're signature tell's me about CentOS 6 and I guess a running Apache httpd)

[bitos]

Excellent!

I didn't have the file /etc/httpd/conf.d/zzzzz_restrict_access.conf on my CentOS installation, but I did have /etc/httpd/conf.d/zzz_otrs.conf.

Putting this at the end of the file works!

Code: Select all

<Location /otrs/index.pl>
    Order Deny,Allow
    Deny from all
    Allow from 127
    Allow from 192.168.0.0/24
</location>

Thank you very much!

[root]

It was my recommendation to create this file to prevent future problems on updates

[bitos]

Excellent! Nice job.