<div dir="ltr"><div>Using Nginx to stop obvious access to master realm:</div><div><br></div>Well I can hard-block with:<div> location =/auth/ { return 404; }<br></div><div><br></div><div>I *should* be able to do:</div><div> location =/auth/ {</div><div> allow <a href="http://10.20.0.0/16">10.20.0.0/16</a>; # all our LAN + VPN range</div><div> deny all;</div><div> }</div><div>but it's not working when I test it.</div><div><br></div><div>You'd also want to block:</div><div> location /auth/realms/master</div><div>to stop people who know it's Keycloak</div><div><br></div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div><br></div><div><div style="color:rgb(0,0,0);font-size:12.8px"><div><font face="verdana, sans-serif"><b>Kevin Thorpe</b></font></div><div style="font-family:'Times New Roman'">VP Enterprise Platform</div><div style="font-family:'Times New Roman'"><img src="http://i.imgur.com/8UeC1YO.png" width="96" height="96"><br></div><div style="font-family:'Times New Roman'"><a href="http://www.p-i.net/" style="color:rgb(17,85,204);line-height:18.6311px" target="_blank">www.p-i.net</a> | <a href="https://twitter.com/@PI_150" style="color:rgb(17,85,204);line-height:18.6311px" target="_blank">@PI_150</a></div><br><b style="font-family:'Times New Roman'">T: <a href="tel:%2B44%20%280%2920%203005%206750" value="+442030056750" style="color:rgb(17,85,204)" target="_blank">+44 (0)20 3005 6750</a> | F: <a href="tel:%2B44%280%2920%207730%202635" value="+442077302635" style="color:rgb(17,85,204)" target="_blank">+44(0)20 7730 2635</a> | T: <a href="tel:%2B44%20%280%29808%20204%200344" value="+448082040344" style="color:rgb(17,85,204)" target="_blank">+44 (0)808 204 0344</a> </b><br><b style="font-family:'Times New Roman'"><font color="#515151">150 Buckingham Palace Road, London, SW1W 9TR, UK</font></b><font face="Times New Roman"> </font><br><br><div style="font-family:'Times New Roman'"><a><img src="https://clients.p-i.net/documents/11003/1116416/BSI-UKAS.logo_150.png" height="40px"></a> <a><img src="https://clients.p-i.net/documents/11003/1116416/ISO27001.logo_150.png" height="40px"></a> <a><img src="https://clients.p-i.net/documents/11003/1116416/QMS.logo_150.png" height="40px"></a> <a><img src="https://clients.p-i.net/documents/11003/1116416/pci.logo_150.png" height="40px"></a></div></div><div style="color:rgb(0,0,0);font-family:'Times New Roman';font-size:medium"><br><b><span style="color:rgb(106,168,79)">SAVE PAPER - THINK BEFORE YOU PRINT!</span></b><p><font size="1">____________________________________________________________________</font></p><p style="color:rgb(34,34,34)"><font size="1">This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.</font></p></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On 30 March 2016 at 12:52, Ben Bazian <span dir="ltr"><<a href="mailto:bbazian@mbopartners.com" target="_blank">bbazian@mbopartners.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Please let me know if you come up with a solution. We would actually like to limit access to this page to inside the firewall. No external access.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Thanks<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <a href="mailto:keycloak-user-bounces@lists.jboss.org" target="_blank">keycloak-user-bounces@lists.jboss.org</a> [mailto:<a href="mailto:keycloak-user-bounces@lists.jboss.org" target="_blank">keycloak-user-bounces@lists.jboss.org</a>]
<b>On Behalf Of </b>Kevin Thorpe<br>
<b>Sent:</b> Wednesday, March 30, 2016 7:43 AM<br>
<b>To:</b> keycloak-user <<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>><br>
<b>Subject:</b> [keycloak-user] Can we change the default realm on Keycloak?<u></u><u></u></span></p><div><div class="h5">
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">Hi,<u></u><u></u></p>
<div>
<p class="MsoNormal"> just wondering if we could hide the default page <a href="https://keycloak.mydomain.com/auth" target="_blank">
https://keycloak.mydomain.com/auth</a> because tat prompts you to log in to the master realm which we don't want visible.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">I could block that page outright but sometimes we might need to log in to the master realm for user admin.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<u></u><u></u></p>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal"><b><span style="font-size:9.5pt;font-family:"Verdana",sans-serif;color:black">Kevin Thorpe</span></b><span style="font-size:9.5pt;color:black"><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt;color:black">VP Enterprise Platform<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt;color:black"><img border="0" width="96" height="96" src="http://i.imgur.com/8UeC1YO.png"><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt;color:black"><a href="http://www.p-i.net/" target="_blank"><span style="color:#1155cc">www.p-i.net</span></a> | <a href="https://twitter.com/@PI_150" target="_blank"><span style="color:#1155cc">@PI_150</span></a><u></u><u></u></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:9.5pt;color:black"><br>
<b>T: <a href="tel:%2B44%20%280%2920%203005%206750" target="_blank"><span style="color:#1155cc">+44 (0)20 3005 6750</span></a> | F: <a href="tel:%2B44%280%2920%207730%202635" target="_blank"><span style="color:#1155cc">+44(0)20 7730 2635</span></a> | T: <a href="tel:%2B44%20%280%29808%20204%200344" target="_blank"><span style="color:#1155cc">+44
(0)808 204 0344</span></a> </b><br>
</span><b><span style="font-size:9.5pt;color:#515151">150 Buckingham Palace Road, London, SW1W 9TR, UK</span></b><span style="font-size:9.5pt;color:black"> <u></u><u></u></span></p>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt;color:black"><img border="0" src="https://clients.p-i.net/documents/11003/1116416/BSI-UKAS.logo_150.png"> <img border="0" src="https://clients.p-i.net/documents/11003/1116416/ISO27001.logo_150.png"> <img border="0" src="https://clients.p-i.net/documents/11003/1116416/QMS.logo_150.png"> <img border="0" src="https://clients.p-i.net/documents/11003/1116416/pci.logo_150.png"><u></u><u></u></span></p>
</div>
</div>
<div>
<p class="MsoNormal"><span style="font-size:13.5pt;color:black"><br>
</span><b><span style="font-size:13.5pt;color:#6aa84f">SAVE PAPER - THINK BEFORE YOU PRINT!</span></b><span style="font-size:13.5pt;color:black"><u></u><u></u></span></p>
<p><span style="font-size:7.5pt;color:black">____________________________________________________________________</span><span style="font-size:13.5pt;color:black"><u></u><u></u></span></p>
<p><span style="font-size:7.5pt;color:#222222">This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system
manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have
received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.</span><span style="font-size:13.5pt;color:#222222"><u></u><u></u></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div></div></div>
</div>
</blockquote></div><br></div>