Secured Swat and Linuxconf Access

Make sure linuxconf is configured

           +------------ Linuxconf html access control ------------+
           Ś You can specify which networks or hosts are allowed   Ś
           Ś to access linuxconf to configure your computer        Ś
           Ś (They need a password still)                          Ś
           Ś Linuxconf listen on port 98. Point your browser to    Ś
           Ś http://your_machine:98/                               Ś
           Ś                                                       Ś
           Ś                +------------------------------+       Ś
           Ś                Ś[X] Enable network access     Ś       Ś
           ŚLog access      Ś[X] in /var/log/htmlaccess.logŚ       Ś
           Śnetwork or host Ś127.0.0.0                     Ś       Ś
           Śnetmask(opt)    Ś255.0.0.0                     Ś       Ś
           Śnetwork or host Ś                              Ś       Ś
           Śnetmask(opt)    Ś                              Ś       Ś
           Śnetwork or host Ś                              Ś       Ś
           Śnetmask(opt)    Ś                              Ś       Ś
           Ś                +------------------------------+       Ś
           Ś     +------+     +------+     +---+     +----+        Ś
           Ś     ŚAcceptŚ     ŚCancelŚ     ŚAddŚ     ŚHelpŚ        Ś
           Ś     +------+     +------+     +---+     +----+        Ś
           +-------------------------------------------------------+


Run ntsysv and enable swat
/etc/xinetd.d/swat should look like this
# default: off
# description: SWAT is the Samba Web Admin Tool. Use swat \
#              to configure your Samba server. To use SWAT, \
#              connect to port 901 with your favorite web browser.
service swat
{
        disable = no
        port            = 901
        socket_type     = stream
        wait            = no
        only_from       = 127.0.0.1
        user            = root
        server          = /usr/sbin/swat
        log_on_failure  += USERID
}

Next
Uncomment in /etc/httpd/conf/httpd.conf
LoadModule proxy_module       modules/libproxy.so
AddModule mod_proxy.c

Append to httpd.conf

Listen 8098

<Virtualhost _default_:8098>
   SSLEngine On
   SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
   SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
   ProxyPass / http://localhost:98/
</Virtualhost>

Listen 8901

<Virtualhost _default_:8901>
   SSLEngine On
   SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
   SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
   ProxyPass / http://localhost:901/
</Virtualhost>

Force SSL and 128 bit encryption

Listen 8098

<Virtualhost _default_:8098>
   SSLEngine On
   SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
   SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
   <Location />
      SSLRequireSSL
      SSLRequire ( %{SSL_CIPHER_USEKEYSIZE} >= 128 )
   </Location>
   ProxyPass / http://localhost:98/
</Virtualhost>

Listen 8901

<Virtualhost _default_:8901>
   SSLEngine On
   SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
   SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
   ProxyPass / http://localhost:901/
   <Location />
      SSLRequireSSL
      SSLRequire ( %{SSL_CIPHER_USEKEYSIZE} >= 128 )
   </Location>
</Virtualhost>

Restart httpd