Is it possible to enable the SSL only queries in cPanel DDNS feature?
Is there any way to enable the cPanel Dynamic DNS to accept only SSL (https) requests?
By default it can accept both unencrypted (http) and encrypted (https) queries, but I wanna know if there is a way to force it to accept only the SSL requests.
Reason
If someone have access to my DDNS URL (configured inside cPanel), so he can make a http request to that URL and change the DDNS IP with their own.
-
Hey there! There isn't a way to do this in the interface, but adding the following code to the Apache pre_main_include file does get this working:
RewriteCond %{REQUEST_URI} cpanelwebcall
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]I would say this is a relatively-unofficial solution, so please test that this will work in your environment before deploying it to production.
0 -
Hello,
I inserted that code in my .htaccess file, as it controls all my redirects (I don't know if it is what you'd mean by "pre_main_include).
Nevertheless I think I had misunderstood the cPanel DDNS concepts, i.e., even if a person try to access my URL using http or https he will update the IP, as he doesn't need to have the public key of my certificate.
The only security here consist in not disclosing the DDNS URL, but even so it not really true security.Thanks by our answer!
0 -
These include files would be in the /etc/apache2 directory - you can read more about them here:
https://docs.cpanel.net/ea4/apache/modify-apache-virtual-hosts-with-include-files/
0
Please sign in to leave a comment.
Comments
3 comments