Skip to main content

How to disable autodiscover/autodiscover.xml?

Comments

6 comments

  • cPanelAnthony
    Hello! You should be able to disable Autodiscover via cPanel. Can you check here?
    0
  • coldpumpkin
    The instructions are for WHM only and that's server-wide. There are multiple accounts in the server. Sorry if I'm missing something here.
    0
  • cPRex Jurassic Moderator
    @coldpumpkin - the details in that article are not correct. It could certainly affect how the autodiscover tool works, but it wouldn't change it. Details on the Email Routing tool in cPanel can be found here:
    0
  • coldpumpkin
    Hi @cPRex, thank you for answering.
    Disabling the option server-wide would keep the DNS records from being created in the future. If you don't want the DNS records for a certain domain, using the DNS Zone Manager tool inside of cPanel to remove the specific records from the domain is the easiest per-domain way to remove those records.

    What DNS records would that be though? Please note I'm trying to get rid of domain.com/autodiscover/autodiscover.xml and not autodiscover.domain.com
    0
  • cPRex Jurassic Moderator
    Thanks for that clarification. Since that is the case, you don't want to make any DNS changes as that would disrupt the autodiscover subdomain. cPanel includes the following entries by default in the Apache configuration file, which is why you found that editing .htaccess wasn't sufficient to make the change, but only an Apache include would partially take care of it. ScriptAliasMatch ^/?controlpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi ScriptAliasMatch ^/?cpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi ScriptAliasMatch ^/?kpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi ScriptAliasMatch ^/?securecontrolpanel/?$ /usr/local/cpanel/cgi-sys/sredirect.cgi ScriptAliasMatch ^/?securecpanel/?$ /usr/local/cpanel/cgi-sys/sredirect.cgi ScriptAliasMatch ^/?securewhm/?$ /usr/local/cpanel/cgi-sys/swhmredirect.cgi ScriptAliasMatch ^/?webmail$ /usr/local/cpanel/cgi-sys/wredirect.cgi ScriptAliasMatch ^/?webmail/ /usr/local/cpanel/cgi-sys/wredirect.cgi ScriptAliasMatch ^/?whm/?$ /usr/local/cpanel/cgi-sys/whmredirect.cgi ScriptAliasMatch ^/Autodiscover/Autodiscover.xml /usr/local/cpanel/cgi-sys/autodiscover.cgi ScriptAliasMatch ^/autodiscover/autodiscover.xml /usr/local/cpanel/cgi-sys/autodiscover.cgi Alias /bandwidth /usr/local/bandmin/htdocs/ Alias /img-sys /usr/local/cpanel/img-sys/ Alias /java-sys /usr/local/cpanel/java-sys/ Alias /mailman/archives /usr/local/cpanel/3rdparty/mailman/archives/public/ Alias /pipermail /usr/local/cpanel/3rdparty/mailman/archives/public/ Alias /sys_cpanel /usr/local/cpanel/sys_cpanel/ ScriptAlias /cgi-sys /usr/local/cpanel/cgi-sys/ ScriptAlias /mailman /usr/local/cpanel/3rdparty/mailman/cgi-bin/
    There's a good discussion about this at the following link:
    0
  • nisamudeen97
    Hi, I have managed to disable autodiscover.xml link for a domain via mod_security rules. Below are the steps which I have followed. added the below rule to WHM Home " Security Center " ModSecurity" Tools " Rules List " Add new rule [QUOTE]## block specific exchange requests example.org SecRule REQUEST_URI "autodiscover/autodiscover.xml" "id:9990001,nolog,status:404,chain" SecRule SERVER_NAME "example\.org" "t:lowercase"
    0

Please sign in to leave a comment.