HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   Disable public access to ISPConfig (http://www.howtoforge.com/forums/showthread.php?t=40156)

A1200 15th October 2009 18:57

Disable public access to ISPConfig
 
Hi,

I have been using ISPConfig for a while now. It is a great hosting tool, saving lots of time away from shell commands!

I have a scenario where I want to control ISPConfig and no one else (including clients need to). So, when I access http://[host]:8080 I get the ISPConfig login page.

However, for some reason if I go to http://[host]/ispconfig I can bring the login page up that way.

I don't want this to happen, so I need to know how to stop ISPConfig from being accessible on port 80 OR if that cannot be done, give the ISPConfig interface itself protection using .htaccess (which I tried and failed to do even though it is working fine for client sites).

Any ideas?

Thanks,

Mike

Bloedi 15th October 2009 19:26

This is easy.. :0) ..

I blocked public access from other locations. Only connections from some IP's are allowed.

Just go to:

/etc/apache2/sites-enabled

.. and open the following file:

@000-ispconfig.vhost

.. and change this section:

Order allow,deny
Allow from all

.. to this:

Order deny,allow
Deny from all
Allow from 127.0.0.1 xxx.xxx.xxx.xxx (and further ip-blocks)

Safe your files and restart your apache webserver.

Your ISP-Config administration is now protected based on the ip from which an user connects to your site.. :) ..

A1200 15th October 2009 19:58

Hi Bloedi

Thanks for your fast reply, unfortunately, it doesn't seem to work. Even when I remove the Allow from line, I can still access the site. I tried changing AllowOverride to All on all the sections, but that didn't help. Am I missing something?

I did restart Apache ;)

Here is my file:


################################################## ####
# This virtual host contains the configuration
# for the ISPConfig controlpanel
################################################## ####

Listen 8080
NameVirtualHost *:8080

<VirtualHost _default_:8080>
ServerAdmin webmaster@localhost

<IfModule mod_fcgid.c>
DocumentRoot /var/www/ispconfig/
SuexecUserGroup ispconfig ispconfig
<Directory /var/www/ispconfig/>
Options Indexes FollowSymLinks MultiViews +ExecCGI
AllowOverride AuthConfig Indexes Limit Options FileInfo
AddHandler fcgid-script .php
FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
Order deny,allow
Deny from all
</Directory>
</IfModule>

<IfModule mod_php5.c>
DocumentRoot /usr/local/ispconfig/interface/web/
AddType application/x-httpd-php .php
<Directory /usr/local/ispconfig/interface/web>
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
php_value magic_quotes_gpc 0
</Directory>
</IfModule>

# ErrorLog /var/log/apache2/error.log
# CustomLog /var/log/apache2/access.log combined
ServerSignature Off

</VirtualHost>

<Directory /var/www/php-cgi-scripts>
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>

<Directory /var/www/php-fcgi-scripts>
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>



To me that should not allow access to ISP config, but it does!

Thanks again,

Mike

Bloedi 15th October 2009 20:25

I don't know but try to set also an Allow variable..

Allow from 127.0.0.1

.. and then restart..

It is important that you edit the vhost file which apache reloads und includes.

A1200 16th October 2009 17:10

I did try the allow line too. This is strange, I am sure that I have the correct vhost file (the virtual domains' vhost file are all contained there too). Really annoying how it works for you but not for me! Anthing else I need to do?

A1200 16th October 2009 18:33

Hey Bloedi,

I sorted it! I had resided to the fact that it wasn't going to work so set about putting on .htaccess:

http://www.howtoforge.com/forums/showthread.php?t=34845

When that didn't work I thought about it logically. Because I can access via the hostname/ispconfig I changed sites-enabled/000-default to:

<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order deny,allow
deny from all
</Directory>

and it worked! Now I can just put some allow hosts in!

Thanks buddy,

Mike


All times are GMT +2. The time now is 20:10.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.