Restrict privacyIDEA Endpoints to certain IP addresses

In certain cases you might not want to serve all endpoints to all IPs. E.g. you might only want to expose /validate/check or /ttype/push to the public.

With the Apache2 you can achieve it like this:

    <Location />
            Order Allow,Deny
            Allow from 192.168.0.0/24
    </Location>

    <Location /validate/check>
            Order Allow,Deny
            Allow from all
    </Location>

    <Location /ttype/push>
            Order Allow,Deny
            Allow from all
    </Location>

Always stay secure!

Hello Conelinux,

Where do i put this in the config file in the default installation of PI

…whatever default is.
You need to put it into your Apache site config file, which is located under /etc/apache2/sites-enabled — at least on debian based systems.
On RHEL based systems it is somewhere under /etc/httpd/…