Webmail can attract lots of hackers. So my goal is to limit their access to Webmail by the standard Apache htaccess method. I have done it successfully for the Apache2 web sites access and also the ISPConfig 3 control panel. However, I am not successful on limit access to ISPConfig 3 SquirrelMail. The htaccess method does not work on Squirrelmail. Is anybody successful on this? Could you share with us? My system is ISPConfig 3.054sp1, webmail is Squirrelmail, installation follows the ISPConfig 3.05 Manual, the htaccess file is at /usr/share/squirrelmail/.
The squirrelmail install is the norml package from the Linux distribution, so its not ispconfig specific. I guess that the defaults of the OS does not allow overriding with .htaccess for the squirelmail folder. You can either try to add a "AllowOverride All" in the directory section of the /etc/apache2/conf.d/squirrelmail configuration file or you add the whole access rstriction directly in that file without using .htaccess.
I also find out by myself that the Squirrelmail plugin "lockout" can protect the Squirrelmail login to a very good extent. Combining it with the standard Apache protection mechanism, your Squirrelmail should be very secure!
