Disable public access to ISPConfig

Discussion in 'Installation/Configuration' started by A1200, Oct 15, 2009.

  1. A1200

    A1200 New Member

    Hi,

    I have been using ISPConfig for a while now. It is a great hosting tool, saving lots of time away from shell commands!

    I have a scenario where I want to control ISPConfig and no one else (including clients need to). So, when I access http://[host]:8080 I get the ISPConfig login page.

    However, for some reason if I go to http://[host]/ispconfig I can bring the login page up that way.

    I don't want this to happen, so I need to know how to stop ISPConfig from being accessible on port 80 OR if that cannot be done, give the ISPConfig interface itself protection using .htaccess (which I tried and failed to do even though it is working fine for client sites).

    Any ideas?

    Thanks,

    Mike
     
  2. Bloedi

    Bloedi New Member

    This is easy.. :0) ..

    I blocked public access from other locations. Only connections from some IP's are allowed.

    Just go to:

    /etc/apache2/sites-enabled

    .. and open the following file:

    @000-ispconfig.vhost

    .. and change this section:

    Order allow,deny
    Allow from all

    .. to this:

    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 xxx.xxx.xxx.xxx (and further ip-blocks)

    Safe your files and restart your apache webserver.

    Your ISP-Config administration is now protected based on the ip from which an user connects to your site.. :) ..
     
  3. A1200

    A1200 New Member

    Hi Bloedi

    Thanks for your fast reply, unfortunately, it doesn't seem to work. Even when I remove the Allow from line, I can still access the site. I tried changing AllowOverride to All on all the sections, but that didn't help. Am I missing something?

    I did restart Apache ;)

    Here is my file:


    ######################################################
    # This virtual host contains the configuration
    # for the ISPConfig controlpanel
    ######################################################

    Listen 8080
    NameVirtualHost *:8080

    <VirtualHost _default_:8080>
    ServerAdmin [email protected]

    <IfModule mod_fcgid.c>
    DocumentRoot /var/www/ispconfig/
    SuexecUserGroup ispconfig ispconfig
    <Directory /var/www/ispconfig/>
    Options Indexes FollowSymLinks MultiViews +ExecCGI
    AllowOverride AuthConfig Indexes Limit Options FileInfo
    AddHandler fcgid-script .php
    FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
    Order deny,allow
    Deny from all
    </Directory>
    </IfModule>

    <IfModule mod_php5.c>
    DocumentRoot /usr/local/ispconfig/interface/web/
    AddType application/x-httpd-php .php
    <Directory /usr/local/ispconfig/interface/web>
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    php_value magic_quotes_gpc 0
    </Directory>
    </IfModule>

    # ErrorLog /var/log/apache2/error.log
    # CustomLog /var/log/apache2/access.log combined
    ServerSignature Off

    </VirtualHost>

    <Directory /var/www/php-cgi-scripts>
    AllowOverride None
    Order Deny,Allow
    Deny from all
    </Directory>

    <Directory /var/www/php-fcgi-scripts>
    AllowOverride None
    Order Deny,Allow
    Deny from all
    </Directory>



    To me that should not allow access to ISP config, but it does!

    Thanks again,

    Mike
     
  4. Bloedi

    Bloedi New Member

    I don't know but try to set also an Allow variable..

    Allow from 127.0.0.1

    .. and then restart..

    It is important that you edit the vhost file which apache reloads und includes.
     
  5. A1200

    A1200 New Member

    I did try the allow line too. This is strange, I am sure that I have the correct vhost file (the virtual domains' vhost file are all contained there too). Really annoying how it works for you but not for me! Anthing else I need to do?
     
  6. A1200

    A1200 New Member

    Hey Bloedi,

    I sorted it! I had resided to the fact that it wasn't going to work so set about putting on .htaccess:

    http://www.howtoforge.com/forums/showthread.php?t=34845

    When that didn't work I thought about it logically. Because I can access via the hostname/ispconfig I changed sites-enabled/000-default to:

    <Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order deny,allow
    deny from all
    </Directory>

    and it worked! Now I can just put some allow hosts in!

    Thanks buddy,

    Mike
     

Share This Page