I would like to restrict user access based on the following scheme:
- if the client IP is from my internal network: full access granted
- if the client IP is outside my internal network: access to the web client and the IMAP/POP proxy is restricted to a group of users.
I plan to force the remote web access through an HTTP reverse proxy and put a zimbra-proxy in the DMZ for remote imaps/pops access.
So the access scheme can also be read this way:
- if the client accesses the zimbra-apache server (which is only reachable from the internal network): no restriction
- if the client accesses the Zimbra web client through the HTTP reverse proxy OR if the client accesses the zimbra-proxy in the DMZ: access is restricted to a specific group of users
What is the best way to implement this policy? Is there a way with COS? Can PAM be used? Must I rely on External Auth?
Thanks for your advice.