> On Oct 25, 2017, at 8:42 AM, Duane Booher <
dd...@nau.edu> wrote:
>
> For CAS 5.0 /cas/status access, the only way I can get access is with a single ip, such as cas.adminPagesSecurity.ip=127.0.0.1
>
> My question, is there any additional pattern matching capabilities and/or a list of ip addresses? In CAS4 there use to be a subnet mask option, such as xx.xx.xx.xx/24, but that does not work for me in CAS 5.0.
I believe it's treated as a regular expression. Ours finally got so complex that we abstracted access control to Apache httpd (2.4) running in front, cf.
cas.adminPagesSecurity.ip=.*
and, effectively:
<ProxyMatch "/cas/status$">
<RequireAny>
Require all denied
Require local
Require ip ...
...
</RequireAny>
</ProxyMatch>
ProxyPass /cas/ ajp://localhost:8009/cas/
Tom.