From 9457e0e58eace45b1caa7a65e99b30b3fea43e8c Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Tue, 20 Aug 2024 11:44:15 -0700
Subject: [PATCH] proxies / ipa / api: close access to ui

Users don't need to use this and so restrict it to admins by ip for now.
Down the road we should be able to do this much better once we can set a
policy for access here.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 .../httpd/reverseproxy/templates/reversepassproxy.00-ipa.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.00-ipa.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.00-ipa.conf
index acb230e00d..b3ee59161f 100644
--- a/roles/httpd/reverseproxy/templates/reversepassproxy.00-ipa.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.00-ipa.conf
@@ -1,5 +1,9 @@
 ProxyPassReverseCookieDomain ipa01{{env_suffix}}.iad2.fedoraproject.org id{{env_suffix}}.fedoraproject.org
 RequestHeader edit Referer ^https://id\{{env_suffix}}\.fedoraproject\.org/ https://ipa01{{env_suffix}}.iad2.fedoraproject.org/
 
+<Proxy "*">
+  Require ip 192.173.156.2 # kevin
+</Proxy>
+
 ProxyPass {{ localpath }} {{ proxyurl }}{{remotepath}}
 ProxyPassReverse {{ localpath }} {{ proxyurl }}{{remotepath}}