Prevent domain.com:2082 logins
I've searched around and I can't find an answer to this:
Say my company website is company.com and each server is a subdomain like server1.company.com and server2.company.com. Say I'm a user and I have the domain example.com hosted on my cpanel account.
The way we want people to be able to log into cPanel is through server1.company.com:2083 but some people have port 2083 blocked by their schools or work or country or whatever so we want cpanel.server1.company.com:80 to work too. We don't want example.com:2082 or example.com:2083 or cpanel.example.com:80 to work. If it doesn't have server1.company.com in the url we want it to redirect to server1.company.com:2083 unless they really really need to use port 80 in which case they can use cpanel.server1.company.com. Is there any way to do this?
-
As far as stopping someone from using their own domain's proxy URL, not possible: Add option to redirect webmail subdomain to hostname instead of origin domain name 0 -
You already have the ability to use your hostname for proxy URL's, you have to add the DNS manually(as far as I can tell) but if you look at apache conf: RewriteEngine On RewriteCond %{HTTP_HOST} =autodiscover.server1.domain.com RewriteRule ^ http://127.0.0.1/cgi-sys/autodiscover.cgi [P] RewriteCond %{HTTP_HOST} =cpanel.server1.domain.com RewriteRule ^/(.*) /___proxy_subdomain_cpanel/$1 [PT] ProxyPass "/___proxy_subdomain_cpanel" "http://127.0.0.1:2082" max=1 retry=0 RewriteCond %{HTTP_HOST} =webdisk.server1.domain.com RewriteRule ^/(.*) /___proxy_subdomain_webdisk/$1 [PT] ProxyPass "/___proxy_subdomain_webdisk" "http://127.0.0.1:2077" max=1 retry=0 RewriteCond %{HTTP_HOST} =webmail.server1.domain.com RewriteRule ^/(.*) /___proxy_subdomain_webmail/$1 [PT] ProxyPass "/___proxy_subdomain_webmail" "http://127.0.0.1:2095" max=1 retry=0
The rules are already there so just create the A Record for cpanel.server1.company.com whm.server1.company.com webmail.server1.company.com and you should be all set!0 -
Sorry, I am trying to figure this out as I respond ;) so that config doesn't exist automatically. It exists because we install the SSL of the server hostname using WHM > Install an SSL Certificate on a Domain this way we can set it as the default SSL on shared IP's so none of our customers sites show when visiting 0 -
You might be on to something! I always avoid manually editing the httpd.conf because cpanel. So my first thought was to try .htaccess in /usr/local/cpanel/base/frontend/paper_lantern/ but that doesn't work. Apparently cpanel doesn't support .htaccess there. Maybe if I edit that RewriteCond/RewriteRule section in httpd.conf I can get it to do what I want it to do. Then I would have to distill the httpd.conf to prevent the changes from being lost immediately... Update: So, that's only going to affect stuff like cpanel.example.com on port 80. It's not going to rewrite anything on port 2082 or 2083. 0 -
so my first thought was to try .htaccess in /usr/local/cpanel/base/frontend/paper_lantern/
That wouldn't work just because that isn't a valid path in terms of a doc root, it wouldn't be referenced by Apache. If you wanted to write rules to affect all domains, you could use an include via the Include Editor: WHM > Service Configuration > Apache Configuration > Include Editor Would add it to a Pre VirtualHost Include which should make it take precedence over the rewrite rules cPanel uses for proxy subdomains since it should come before, but would need to test that a bit.0 -
Hello, You could setup custom firewall rules that block or redirect access to ports such as 2083 and 2087 on the IP addresses associated with the domain names on the server. Then, setup the server's hostname so it resolves to an IP address not used by any other domain name. The following StackOverflow thread may help you to set this up: ConfigServer Security Firewall & port forwarding Thank you. 0 -
Hello, You could setup custom firewall rules that block or redirect access to ports
Too funny! I just did exactly that. I use CSF and here is the rule I just wrote in csf.redirect:*|2082|*|2083|tcp
That takes any IP that connects with tcp on port 2082 and sends them to port 2083 where cpanel handles the redirects to https and changes the domain to the server1.company.com style I want to enforce. I came here to update my thread and found I had been beaten to it by a week. :)0 -
You can force all non encrypted cPanel ports to their secure port via WHM > Tweak Settings > Require SSL for cPanel Services so CSF isn't really needed but I guess whatever works :) 0 -
You can force all non encrypted cPanel ports to their secure port via WHM > Tweak Settings > Require SSL for cPanel Services
some people have port 2083 blocked by their schools or work or country or whatever so we want cpanel.server1.company.com:80 to work too.
I would love to block all of the non-secure ports, but there are way too many people who can't use encryption, or can't use any ports except 80/443, etc.0 -
Well there are plenty of secure ports that do not utilize 443, but even still, you can force anyone using 80 to use 443 with the same option in Tweak Settings. 0
Please sign in to leave a comment.
Comments
10 comments