Hello, I have a dedicated server that is virtualized and one VM is running ISPConfig 3.1.13 and hosting a few web sites. All of my DNS is handled by my registrars so I pointed the new subdomain to the servers IP address. ISPConfig does nothing on the DNS side in my configuration. I then created a new client in ISP config as I want to ensure as much separation as possible with a new, and probably insecure demo app. so my domain is for instance domain1.com also running an alias with domain2.com . when user goes to domain1.com they see english and when they go to domain2.com they see spanish all by the same web hosting & files and the language is selected in php based on host name So i added a subdomain sub.domain1.com under the new client and the FTP user. I uploaded some files, only to find out that domain1.com and domain2.com were now being directed to this new space that was created only for sub.domain1.com . I backtracked , undid it all, and all is good. Is this not possible?? I am VERY concerned about the security of the demo app I want to upload so it seems best to separate it as much as possible. As I recall each client has their own set of permissions so that would help to keep a hacker out of domain1.com and domain2.com while accessing sub.domain1.com Thanks in advance, Mark
Probably you mixed IP and * in the ipv4 field. use * for all sites or the IP, but don't mix it as an IP is a stronger match than a wildcard in apache and nginx. Regarding your subdomain site, adding it as new separate site is a good choice security wise.
Do all sites of your server use ssl? Similar behavior can be observed when you mix sites with ssl and sites without ssl on the same server (IP), when you access site a which has no ssl, then you will get site b instead. To fix this, enable ssl for all sites or use different IP addresses for ssl and non-ssl sites.
I currently use NO SSL at all. interesting note: after previously having remoed sub.domain1.com , i then re-added it . This time I noticed that after it was re-created the second time and configuring an FTP account and viewing it, I now had [DEFAULT] showing under client name when I viewed the FTP account after creating it. I then deleted a second time and re-created a third time and all is good the third time. Probably should restart server after month of uptime. I now have a new issue https://www.howtoforge.com/community/threads/php-sessions-issue.81429/