From 3c5e2c86fd379c24d0f5e4247b1b3ba424cd2c7c Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <daniel@firewall-services.com>
Date: Sat, 19 Jul 2014 14:14:03 +0200
Subject: [PATCH] Restrict access to /admin in httpd conf samples

---
 conf/httpd_alias.conf | 6 ++++++
 conf/httpd_vhost.conf | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/conf/httpd_alias.conf b/conf/httpd_alias.conf
index c8c5b26..690a3ad 100644
--- a/conf/httpd_alias.conf
+++ b/conf/httpd_alias.conf
@@ -42,6 +42,12 @@ ScriptAlias /vroom /opt/vroom/public/vroom.pl
   ExpiresByType text/xml             "access plus 0 seconds"
   ExpiresByType text/html            "access plus 0 seconds"
 </Directory>
+# You should customize this part to access the admin interface
+# VROOM doesn't handle authentication, it's up to you to protect
+# /vroom/admin on your web server
+<Location /vroom/admin>
+  require local
+</Location>
 <Location /socket.io>
   SSLRequireSSL on
 </Location>
diff --git a/conf/httpd_vhost.conf b/conf/httpd_vhost.conf
index ae2e22c..9a043b3 100644
--- a/conf/httpd_vhost.conf
+++ b/conf/httpd_vhost.conf
@@ -52,5 +52,11 @@
       ExpiresByType text/xml             "access plus 0 seconds"
       ExpiresByType text/html            "access plus 0 seconds"
     </Location>
+    # You should customize this part to access the admin interface
+    # VROOM doesn't handle authentication, it's up to you to protect
+    # /admin on your web server
+    <Location /admin>
+      require local
+    </Location>
 </VirtualHost>