ispconfig and webmail embedding problem

Discussion in 'Installation/Configuration' started by Linksys2006, Feb 3, 2019.

  1. Linksys2006

    Linksys2006 New Member

    Hi there.

    I have a question and I need your help. I put ISPConfig on Debian 9. Before, I wanted to embed webmail in a frame. It worked super and you could use this option without leaving the theoretical side. This also applies to the ISPConfig entry page. My next problem is if I want to embed a page on a particular web page, I will refuse to connect. What would be the right way to embed these pages in a frame without leaving the theoretical website, which they now refuse. What do I suggest, what would be the right solution?

    Thanks in advance for your help ...
    Linksys2006
     
  2. Jesse Norell

    Jesse Norell Well-Known Member

    ISPConfig sets the X-Frame-Options header, you will need to change that to allow from your specific sites where you wish to embed it.
     
  3. Linksys2006

    Linksys2006 New Member

    Thanks for the reply.
    You'd just have to tell me which file I can modify. I was a little fused with the operation of ispConfig and I would be grateful for a more detailed description. Thanks in advance.
     
  4. Jesse Norell

    Jesse Norell Well-Known Member

  5. Linksys2006

    Linksys2006 New Member

    Hello.
    Thank you again for your help, but I'm not sure it would be a good idea to replace it because my original vhostom doesn't contain any <tmpl_var name = "vhost_port_listen"> Listen <tmpl_var name = "vhost_port">
    NameVirtualHost *: <tmpl_var name = "vhost_port">
    beer. I want to understand what line I want to find in the vhost itself that rejects the connection and what I should rewrite in order not to reject the connection. In the master.vhost you link to, it points to places that may not be available to me.

    Thank you for your patience and help.
     
  6. Jesse Norell

    Jesse Norell Well-Known Member

    The link I sent is from the latest stable 3.1 code, so if you're using an older version either update to the latest or grab the template from the installation tarball for your version.

    https://git.ispconfig.org/ispconfig...install/tpl/apache_ispconfig.vhost.master#L94

    It's probably just newer and has some additional security headers added there; you can simply copy the section to set the headers into your own file, or upgrade to the latest stable 3.1.
     
  7. Jesse Norell

    Jesse Norell Well-Known Member

    Note that I've never tried setting this up, I'm just reading info from Google searches, but in a quick look at specifically what you'd need to set, it appears the X-Frame-Options header would look like:
    Code:
    Header set X-Frame-Options SAMEORIGIN
    Header append X-Frame-Options "ALLOW-FROM http://www.example.com/" 
    Header append X-Frame-Options "ALLOW-FROM http://example.com/"
    Header append X-Frame-Options "ALLOW-FROM https://www.example.com/"
    Header append X-Frame-Options "ALLOW-FROM https://example.com/"
    
    Also, I missed that the Content-Security-Policy also covers this functionality; the X-Frame-Options header is not well supported across browsers, so you should also set the frame-ancestors directive in the Content-Security-Policy header, which I believe should look like:
    Code:
    Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests; frame-ancestors 'self' example.com www.example.com example2.com www.example2.com"
    
     
    Linksys2006 likes this.
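
Added example, not part of the thread or of ISPConfig: a simplified Python model of how a browser evaluates the two headers from the post above, following the X-Frame-Options steps in the HTML Standard and CSP frame-ancestors source matching. It checks only the direct parent and ignores ports and paths; `panel.example.net` is an assumed panel hostname and the header values are constructed from the post's `Header` lines.

```python
from urllib.parse import urlsplit

def origin(url):
    """(scheme, host) of a URL; ports are ignored in this simplified model."""
    u = urlsplit(url)
    return u.scheme.lower(), (u.hostname or "").lower()

def source_matches(src, parent, page):
    """Match one frame-ancestors source expression against the embedding page."""
    src = src.lower()
    if src == "'self'":
        return origin(parent) == origin(page)
    if src == "*":
        return True
    p_scheme, p_host = origin(parent)
    if "://" in src:
        scheme, host = src.split("://", 1)
        schemes = {"http", "https"} if scheme == "http" else {scheme}
    else:  # scheme-less source inherits the framed page's scheme
        host, page_scheme = src, origin(page)[0]
        schemes = {"http", "https"} if page_scheme == "http" else {page_scheme}
    host = host.split("/", 1)[0].split(":", 1)[0]
    host_ok = p_host.endswith(host[1:]) if host.startswith("*.") else p_host == host
    return p_scheme in schemes and host_ok

def may_frame(headers, page, parent):
    """headers: (name, value) pairs as sent. Returns (allowed, deciding rule)."""
    verdicts = []
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue
        for directive in value.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                verdicts.append(any(source_matches(s, parent, page) for s in parts[1:]))
    if verdicts:  # frame-ancestors present: X-Frame-Options is not consulted
        return all(verdicts), "frame-ancestors"
    xfo = {t.strip().lower() for n, v in headers if n.lower() == "x-frame-options"
           for t in v.split(",") if t.strip()}
    if len(xfo) > 1:  # several values: blocked if any of them is a real directive
        return not (xfo & {"deny", "sameorigin", "allowall"}), "x-frame-options (multiple)"
    if xfo == {"deny"}:
        return False, "x-frame-options"
    if xfo == {"sameorigin"}:
        return origin(parent) == origin(page), "x-frame-options"
    return True, "no enforced restriction"

# Constructed sample: "Header set" + "Header append" merge into one comma-separated value
PAGE = "https://panel.example.net:8080/"  # assumed URL of the framed panel
XFO = ("X-Frame-Options", "SAMEORIGIN, " + ", ".join(
    f"ALLOW-FROM {s}://{h}/" for s in ("http", "https") for h in ("www.example.com", "example.com")))
CSP = ("Content-Security-Policy", "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests; frame-ancestors 'self' example.com www.example.com example2.com www.example2.com")
```

In this model the merged X-Frame-Options value on its own blocks every parent, including the panel's own origin, and a lone `ALLOW-FROM` value is ignored, so the frame-ancestors list is what actually decides which sites may embed the panel.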
  8. Linksys2006

    Linksys2006 New Member

    Hello Jesse.

    Thank you very much for the help, with the description of the last codes I learned to solve my problem. I didn't want to update ISPConfig because SSL was not working properly, it was always a problem. I manually set this up and I don't want the update to ruin everything. (Of course, I can back up.) But since I do not have the transparency of the whole ISPConfig, I manually set up the right foods. Thank you for your help, a good priest is learning to die. :)
     
