cPanel/Webmail/WHM disable SNI redirect

Comments

5 comments

  • cPanelMichael
    Hello,

    The following option is available under the "Redirection" tab in "WHM >> Tweak Settings":

    Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs. Formerly known as "Always redirect to SSL/TLS"

    You could disable this option, and then configure "Non-SSL redirect destination" to the server's hostname. Note that you'd need to make sure "Require SSL for cPanel Services" is enabled under the "Security" tab in "WHM >> Tweak Settings".

    Thank you.
    0
  • sparek-3
    Well, if you do that, then the cPanel services can be accessed non-securely. If Non-SSL redirect destination is set to Hostname, then http://example.tld/cpanel is just going to redirect to http://server.hostname.tld:2082. And if port 2082 is firewalled off, then this connection will fail.

    To patch this for my needs, I created a new redirect script in cgi-sys to automatically redirect to the server's hostname for each service. I then created new ScriptAliasMatch directives in Apache before cPanel's ScriptAliasMatch directives to intercept this and force a redirect to these custom cgi-sys redirects. This seems to work for my purposes, and it doesn't appear to be a major issue for most other people.

    I really just liked the old way cPanel did this, when this feature was called "Always redirect to SSL/TLS". Using SNI for the cPanel service ports always seemed to be an unnecessary extra step. Since HTTP supports redirection (unlike IMAP, POP, and SMTP), going to http://example.tld/cpanel could always redirect to an appropriately secured URL (like a server's hostname).
    0
  • cPanelMichael
    Well, if you do that, then the cPanel services can be accessed non-securely.

    That shouldn't happen as long as you leave "Require SSL for cPanel Services" enabled under the "Security" tab in "WHM >> Tweak Settings". It worked as intended when testing the behavior on a test system. That said, you may encounter issues if you have port 2082 blocked in your firewall. Thank you.
    0
  • sparek-3
    Ah, OK. Blocking port 2082 and the other non-secure cPanel services ports was the issue here. Still debating on whether I like this solution or my custom solution better.
    0
  • ksechrist
    oops.. sorry, posted to wrong thread!
    0
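
Added example, not code from any poster in this thread: a Python check that classifies the Location header returned for /cpanel, /whm and /webmail requests into the three outcomes discussed above (plaintext service port, TLS on a matched customer domain, TLS on the server hostname). The port pairs are the standard cPanel, WHM and Webmail ports; the function names and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Standard cPanel service ports: plaintext port -> TLS counterpart
# (cPanel 2082/2083, WHM 2086/2087, Webmail 2095/2096).
PLAINTEXT_TO_TLS = {2082: 2083, 2086: 2087, 2095: 2096}
TLS_PORTS = set(PLAINTEXT_TO_TLS.values())


def classify_redirect(location, server_hostname):
    """Classify one redirect target (hypothetical helper for this example)."""
    url = urlsplit(location)
    try:
        port = url.port or {"http": 80, "https": 443}.get(url.scheme)
    except ValueError:  # malformed port in the Location header
        return "unexpected-target"
    host = (url.hostname or "").lower()
    if url.scheme == "http" and port in PLAINTEXT_TO_TLS:
        # Fails outright if the plaintext port is firewalled; otherwise it
        # depends on "Require SSL for cPanel Services" to bounce again.
        return "plaintext-service-port"
    if url.scheme != "https" or port not in TLS_PORTS:
        return "unexpected-target"
    if host == server_hostname.lower():
        return "tls-hostname"
    # TLS, but on another name: the "closest matched domain" behaviour.
    return "tls-other-domain"


def audit(responses, server_hostname):
    """Map (request_url, location) pairs to (request_url, verdict) pairs."""
    return [(req, classify_redirect(loc, server_hostname))
            for req, loc in responses]


# Constructed sample data: request URL and the Location header it returned.
SAMPLE = [
    ("http://example.tld/cpanel", "http://server.hostname.tld:2082/"),
    ("http://example.tld/webmail", "https://example.tld:2096/"),
    ("http://example.tld/whm", "https://server.hostname.tld:2087/"),
    ("http://example.tld/cpanel", "https://server.hostname.tld/"),
]

if __name__ == "__main__":
    for request_url, verdict in audit(SAMPLE, "server.hostname.tld"):
        print(f"{verdict:24} {request_url}")
```

Only "tls-hostname" means the first hop already lands on the TLS port under the server's hostname; "plaintext-service-port" is the case that breaks when port 2082 and the other non-secure ports are blocked.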
