A customer wanted to limit access to the Web-UI on Checkmk slaves. This couldn’t be done on the firewall, as all clients need to be able to access the Web-Interface to download agents from the bakery.
To limit the exposed paths, we created the following little Apache configuration. So far it's working pretty well in 2.0; we haven't tested it with 2.1beta yet.
Any suggestions or feedback is welcome.
```apache
# access to any checkmk paths only for the svrehcmk1 / checkmk master
<LocationMatch "/.*/check_mk">
    Require ip <ip_of_cmk_master> <ip_of_cmkadmin_jump_host_for_troubleshooting>
</LocationMatch>

# Exception:
# agent bakery and login is allowed for all clients
# (both must be LocationMatch: a plain <Location> does not treat ".*" as a regex;
#  the dots in the file names are escaped so they only match a literal ".")
<LocationMatch "/.*/check_mk/login\.py">
    Require all granted
</LocationMatch>
<LocationMatch "/.*/check_mk/deploy_agent\.py">
    Require all granted
</LocationMatch>
```
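An added example, not part of the original post: a small Python model of the access decision this rule set is meant to produce, for checking the policy against sample requests before rolling it out. It treats all three sections as `LocationMatch` regexes and assumes Apache 2.4's default `AuthMerging Off`, where the last matching section's `Require` decides; the IP addresses, the site name `mysite` and the sample paths are constructed placeholders.

```python
import ipaddress
import re

# Constructed placeholder addresses (documentation ranges); the post does not give the real ones.
MASTER = ipaddress.ip_network("192.0.2.10/32")
JUMP_HOST = ipaddress.ip_network("192.0.2.20/32")

# (pattern, allowed networks, or None for "Require all granted"), in config-file order.
RULES = [
    (re.compile(r"/.*/check_mk"), [MASTER, JUMP_HOST]),
    (re.compile(r"/.*/check_mk/login\.py"), None),
    (re.compile(r"/.*/check_mk/deploy_agent\.py"), None),
]

def is_allowed(path, client_ip):
    """Return the modelled decision for one request.

    LocationMatch patterns are unanchored, so re.search is the analogue.
    Sections are merged in file order and the last matching one wins.
    Paths matched by no section are outside this rule set and are
    modelled as allowed (whatever the rest of the server config says).
    """
    addr = ipaddress.ip_address(client_ip)
    decision = True
    for pattern, networks in RULES:
        if pattern.search(path):
            decision = networks is None or any(addr in net for net in networks)
    return decision

def audit(paths, client_ip):
    """Map each path to its decision for the given client."""
    return {path: is_allowed(path, client_ip) for path in paths}

# Constructed sample requests for a site named "mysite".
SAMPLE_PATHS = [
    "/mysite/check_mk/index.py",
    "/mysite/check_mk/wato.py",
    "/mysite/check_mk/login.py",
    "/mysite/check_mk/deploy_agent.py",
    "/mysite/nagvis/",  # not under check_mk: this rule set does not restrict it
]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7"):
        for path, ok in audit(SAMPLE_PATHS, ip).items():
            print(f"{ip:15} {'ALLOW' if ok else 'DENY':5} {path}")
```

The last sample path shows a gap worth checking on a real slave: anything served outside `/<site>/check_mk` is not covered by these sections.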