Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 15th October 2009, 18:57
A1200 A1200 is offline
Junior Member
 
Join Date: Oct 2009
Posts: 6
Thanks: 2
Thanked 0 Times in 0 Posts
Question Disable public access to ISPConfig

Hi,

I have been using ISPConfig for a while now. It is a great hosting tool, saving lots of time away from shell commands!

I have a scenario where I want to control ISPConfig and no one else (including clients need to). So, when I access http://[host]:8080 I get the ISPConfig login page.

However, for some reason if I go to http://[host]/ispconfig I can bring the login page up that way.

I don't want this to happen, so I need to know how to stop ISPConfig from being accessible on port 80 OR if that cannot be done, give the ISPConfig interface itself protection using .htaccess (which I tried and failed to do even though it is working fine for client sites).

Any ideas?

Thanks,

Mike
Reply With Quote
Sponsored Links
  #2  
Old 15th October 2009, 19:26
Bloedi Bloedi is offline
Junior Member
 
Join Date: Oct 2009
Posts: 5
Thanks: 0
Thanked 2 Times in 2 Posts
Smile

This is easy.. :0) ..

I blocked public access from other locations. Only connections from some IP's are allowed.

Just go to:

/etc/apache2/sites-enabled

.. and open the following file:

@000-ispconfig.vhost

.. and change this section:

Order allow,deny
Allow from all

.. to this:

Order deny,allow
Deny from all
Allow from 127.0.0.1 xxx.xxx.xxx.xxx (and further ip-blocks)

Safe your files and restart your apache webserver.

Your ISP-Config administration is now protected based on the ip from which an user connects to your site.. ..
Reply With Quote
The Following User Says Thank You to Bloedi For This Useful Post:
A1200 (16th October 2009)
  #3  
Old 15th October 2009, 19:58
A1200 A1200 is offline
Junior Member
 
Join Date: Oct 2009
Posts: 6
Thanks: 2
Thanked 0 Times in 0 Posts
Default

Hi Bloedi

Thanks for your fast reply, unfortunately, it doesn't seem to work. Even when I remove the Allow from line, I can still access the site. I tried changing AllowOverride to All on all the sections, but that didn't help. Am I missing something?

I did restart Apache

Here is my file:


################################################## ####
# This virtual host contains the configuration
# for the ISPConfig controlpanel
################################################## ####

Listen 8080
NameVirtualHost *:8080

<VirtualHost _default_:8080>
ServerAdmin webmaster@localhost

<IfModule mod_fcgid.c>
DocumentRoot /var/www/ispconfig/
SuexecUserGroup ispconfig ispconfig
<Directory /var/www/ispconfig/>
Options Indexes FollowSymLinks MultiViews +ExecCGI
AllowOverride AuthConfig Indexes Limit Options FileInfo
AddHandler fcgid-script .php
FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
Order deny,allow
Deny from all
</Directory>
</IfModule>

<IfModule mod_php5.c>
DocumentRoot /usr/local/ispconfig/interface/web/
AddType application/x-httpd-php .php
<Directory /usr/local/ispconfig/interface/web>
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
php_value magic_quotes_gpc 0
</Directory>
</IfModule>

# ErrorLog /var/log/apache2/error.log
# CustomLog /var/log/apache2/access.log combined
ServerSignature Off

</VirtualHost>

<Directory /var/www/php-cgi-scripts>
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>

<Directory /var/www/php-fcgi-scripts>
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>



To me that should not allow access to ISP config, but it does!

Thanks again,

Mike
Reply With Quote
  #4  
Old 15th October 2009, 20:25
Bloedi Bloedi is offline
Junior Member
 
Join Date: Oct 2009
Posts: 5
Thanks: 0
Thanked 2 Times in 2 Posts
Smile

I don't know but try to set also an Allow variable..

Allow from 127.0.0.1

.. and then restart..

It is important that you edit the vhost file which apache reloads und includes.
Reply With Quote
The Following User Says Thank You to Bloedi For This Useful Post:
A1200 (16th October 2009)
  #5  
Old 16th October 2009, 17:10
A1200 A1200 is offline
Junior Member
 
Join Date: Oct 2009
Posts: 6
Thanks: 2
Thanked 0 Times in 0 Posts
Default

I did try the allow line too. This is strange, I am sure that I have the correct vhost file (the virtual domains' vhost file are all contained there too). Really annoying how it works for you but not for me! Anthing else I need to do?
Reply With Quote
  #6  
Old 16th October 2009, 18:33
A1200 A1200 is offline
Junior Member
 
Join Date: Oct 2009
Posts: 6
Thanks: 2
Thanked 0 Times in 0 Posts
 
Default

Hey Bloedi,

I sorted it! I had resided to the fact that it wasn't going to work so set about putting on .htaccess:

http://www.howtoforge.com/forums/showthread.php?t=34845

When that didn't work I thought about it logically. Because I can access via the hostname/ispconfig I changed sites-enabled/000-default to:

<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order deny,allow
deny from all
</Directory>

and it worked! Now I can just put some allow hosts in!

Thanks buddy,

Mike
Reply With Quote
Reply

Bookmarks

Tags
access, disable, ispconfig, port, protect

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPConfig public key authentication? wpwood3 General 9 3rd November 2012 17:54
ISPConfig Firewall is blocking my public network LightVision Installation/Configuration 2 19th March 2009 17:57
Loads of mysql connections to dbispconfig StrikerNL General 2 5th March 2009 14:31
The PHP binary coming with ISPConfig does not work properly on your system! KalishNikova Installation/Configuration 6 6th November 2007 14:52
ERROR: The PHP binary coming with ISPConfig does not work properly on your system W1SKCC Installation/Configuration 2 2nd February 2007 13:55


All times are GMT +2. The time now is 00:23.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.