Hi, I have been using ISPConfig for a while now. It is a great hosting tool, saving lots of time away from shell commands! I have a scenario where I want to control ISPConfig and no one else (including clients need to). So, when I access http://[host]:8080 I get the ISPConfig login page. However, for some reason if I go to http://[host]/ispconfig I can bring the login page up that way. I don't want this to happen, so I need to know how to stop ISPConfig from being accessible on port 80 OR if that cannot be done, give the ISPConfig interface itself protection using .htaccess (which I tried and failed to do even though it is working fine for client sites). Any ideas? Thanks, Mike
This is easy.. :0) .. I blocked public access from other locations. Only connections from some IP's are allowed. Just go to: /etc/apache2/sites-enabled .. and open the following file: @000-ispconfig.vhost .. and change this section: Order allow,deny Allow from all .. to this: Order deny,allow Deny from all Allow from 127.0.0.1 xxx.xxx.xxx.xxx (and further ip-blocks) Safe your files and restart your apache webserver. Your ISP-Config administration is now protected based on the ip from which an user connects to your site.. ..
Hi Bloedi Thanks for your fast reply, unfortunately, it doesn't seem to work. Even when I remove the Allow from line, I can still access the site. I tried changing AllowOverride to All on all the sections, but that didn't help. Am I missing something? I did restart Apache Here is my file: ###################################################### # This virtual host contains the configuration # for the ISPConfig controlpanel ###################################################### Listen 8080 NameVirtualHost *:8080 <VirtualHost _default_:8080> ServerAdmin webmaster@localhost <IfModule mod_fcgid.c> DocumentRoot /var/www/ispconfig/ SuexecUserGroup ispconfig ispconfig <Directory /var/www/ispconfig/> Options Indexes FollowSymLinks MultiViews +ExecCGI AllowOverride AuthConfig Indexes Limit Options FileInfo AddHandler fcgid-script .php FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php Order deny,allow Deny from all </Directory> </IfModule> <IfModule mod_php5.c> DocumentRoot /usr/local/ispconfig/interface/web/ AddType application/x-httpd-php .php <Directory /usr/local/ispconfig/interface/web> Options FollowSymLinks AllowOverride None Order deny,allow Deny from all php_value magic_quotes_gpc 0 </Directory> </IfModule> # ErrorLog /var/log/apache2/error.log # CustomLog /var/log/apache2/access.log combined ServerSignature Off </VirtualHost> <Directory /var/www/php-cgi-scripts> AllowOverride None Order Deny,Allow Deny from all </Directory> <Directory /var/www/php-fcgi-scripts> AllowOverride None Order Deny,Allow Deny from all </Directory> To me that should not allow access to ISP config, but it does! Thanks again, Mike
I don't know but try to set also an Allow variable.. Allow from 127.0.0.1 .. and then restart.. It is important that you edit the vhost file which apache reloads und includes.
I did try the allow line too. This is strange, I am sure that I have the correct vhost file (the virtual domains' vhost file are all contained there too). Really annoying how it works for you but not for me! Anthing else I need to do?
Hey Bloedi, I sorted it! I had resided to the fact that it wasn't going to work so set about putting on .htaccess: http://www.howtoforge.com/forums/showthread.php?t=34845 When that didn't work I thought about it logically. Because I can access via the hostname/ispconfig I changed sites-enabled/000-default to: <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order deny,allow deny from all </Directory> and it worked! Now I can just put some allow hosts in! Thanks buddy, Mike