
Securing the server as the final step!


OK folks,

I finally have a server (Debian, 0.8.6 Pro - MYSQL) in production.

I ended up creating all these files with the following content:

/etc/apache2/conf.d/iredadmin.conf
----------
WSGISocketPrefix /var/run/wsgi
WSGIDaemonProcess iredadmin user=iredadmin threads=15
WSGIProcessGroup iredadmin

AddType text/html .py

<Directory /usr/share/apache2/iredadmin/>
    Order Deny,Allow
    Allow from 192.168.
    Deny from all
</Directory>
------------

/etc/apache2/conf.d/phpmyadmin.conf
-----------
<Directory /usr/share/phpmyadmin/>
Options FollowSymLinks
DirectoryIndex index.php
Order Deny,Allow
Allow from 192.168.
Deny from all
</Directory>
----------

/etc/apache2/conf.d/cluebringer.conf
----------
<Directory /usr/share/postfix-cluebringer-webui/webui/>
Options FollowSymLinks
DirectoryIndex index.php
Order Deny,Allow
Allow from 192.168.
Deny from all
</Directory>
----------

/etc/apache2/conf.d/awstats.conf
---------
<Directory /usr/share/awstats/icon/>
Options FollowSymLinks
DirectoryIndex index.php
Order Deny,Allow
Allow from 192.168.
Deny from all
</Directory>
------------


My server has 2 interfaces, one with a public IP address and another one with a private IP address (192.168.x.x).

So the idea is that if I want to manage the server over the web interface, I need to VPN into the office and access the server from behind the firewall.

Over the public internet (interface), only Roundcube is enabled over HTTPS and everything else is blocked by the IPTABLES script ... however, IP Tables isn't enough to secure the other management interfaces.

I'm surprised that there is no description of how to achieve this in the FAQ. Let my post serve as the inspiration!

F.
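
Added example, not part of the original post: a small Python evaluator for the Apache 2.2 `Order`/`Allow`/`Deny` lines used in the configs above, showing which client addresses they admit and how flipping the `Order` changes the result. The function names and test addresses are constructed for illustration, and hostname matching in `Allow from` is not modelled.

```python
import ipaddress
import re

def host_matches(spec, client_ip):
    """Match one 'from' value: all, full or partial IPv4, or CIDR/netmask."""
    if spec.lower() == "all":
        return True
    if "/" in spec:
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)
    # Partial addresses match whole octets ("192.16" is 192.16.0.0/16), not string prefixes.
    octets = spec.rstrip(".").split(".")
    return client_ip.split(".")[:len(octets)] == octets

def parse_directory_blocks(conf_text):
    """Collect Order/Allow/Deny per <Directory> block; the 2.2 default order is Deny,Allow."""
    blocks, current = {}, None
    for line in (raw.strip() for raw in conf_text.splitlines()):
        words = line.lower().split()
        if m := re.match(r"<Directory\s+(.+?)\s*>$", line, re.I):
            current = blocks[m.group(1)] = {"order": "deny,allow", "allow": [], "deny": []}
        elif line.lower().startswith("</directory"):
            current = None
        elif current is not None and len(words) >= 2:
            if words[0] == "order":
                current["order"] = words[1]
            elif words[0] in ("allow", "deny") and words[1] == "from":
                current[words[0]].extend(words[2:])
    return blocks

def is_allowed(rules, client_ip):
    """Apply mod_authz_host ordering; both lists are always evaluated."""
    allow = any(host_matches(s, client_ip) for s in rules["allow"])
    deny = any(host_matches(s, client_ip) for s in rules["deny"])
    if rules["order"] == "deny,allow":  # default allow; a matching Allow overrides Deny
        return allow or not deny
    return allow and not deny  # allow,deny: default deny; a matching Deny overrides Allow

# Access lines of the post's phpmyadmin.conf, plus a constructed variant with the order flipped.
POSTED = """<Directory /usr/share/phpmyadmin/>
Order Deny,Allow
Allow from 192.168.
Deny from all
</Directory>"""
FLIPPED = POSTED.replace("Order Deny,Allow", "Order Allow,Deny")

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("flipped", FLIPPED)):
        rules = parse_directory_blocks(conf)["/usr/share/phpmyadmin/"]
        print(name, {ip: is_allowed(rules, ip) for ip in ("192.168.10.5", "192.16.8.1", "203.0.113.7")})
```

On Apache 2.4 these directives only work through mod_access_compat; the native form of the same restriction is `Require ip 192.168`.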

