Hi there. Have a question and I need your help. I put the ispConfig on a debian 9. Before I wanted to embed webmail in a frame. it worked super and you could use this option without leaving the theoretical side. This also applies to the ispconfig entry page. My next problem is if I want to embed a page on a particular web page, I will refuse to connect. What would be the right way to embed these pages in a frame without leaving the theoretical website, which they now refuse. What do I suggest, what would be the right solution? Thanks in advance for your help ... Linksys2006
ISPConfig sets the X-Frame-Options header, you will need to change that to allow from your specific sites where you wish to embed it.
Thanks for the reply. You'd just have to tell me which file I can modify. I was a little fused with the operation of ispConfig and I would be grateful for a more detailed description. Thanks in advance.
The running config file is /etc/apache2/sites-enabled/000-ispconfig.vhost, though you need to make a copy in your conf-custom folder as well to survive ispconfig updates. (ie. that means download https://git.ispconfig.org/ispconfig...3.1/install/tpl/apache_ispconfig.vhost.master and save under /usr/local/ispconfig/server/conf-custom/ and make your changes to that template as well)
Hello. Thank you again for your help, but I'm not sure it would be a good idea to replace it because my original vhostom doesn't contain any <tmpl_var name = "vhost_port_listen"> Listen <tmpl_var name = "vhost_port"> NameVirtualHost *: <tmpl_var name = "vhost_port"> beer. I want to understand what line I want to find in the vhost itself that rejects the connection and what I should rewrite in order not to reject the connection. In the master.vhost you link to, it points to places that may not be available to me. Thank you for your patience and help.
The link I sent is from latest the stable 3.1 code, so if you're using an older version either update to the latest or grab the template from the installation tarball for your version. https://git.ispconfig.org/ispconfig...install/tpl/apache_ispconfig.vhost.master#L94 It's probably just newer and has some additional security headers added there, you can simply copy the section to set the headers into your own file, or upgrade to the latest stable3.1.
Note that I've never tried setting this up, I'm just reading info from google searches, but in a quick look at specifically what you'd need to set, it appears the X-Frame-Options header would look like: Code: Header set X-Frame-Options SAMEORIGIN Header append X-Frame-Options "ALLOW-FROM http://www.example.com/" Header append X-Frame-Options "ALLOW-FROM http://example.com/" Header append X-Frame-Options "ALLOW-FROM https://www.example.com/" Header append X-Frame-Options "ALLOW-FROM https://example.com/" Also I missed that the Content-Security-Policy also covers this functionality; the X-Frame-Options header is not well supported across browsers, so you should also set frame-ancestors directive in Content-Security-Policy header, which I believe should look like: Code: Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests; frame-ancestors 'self' example.com www.example.com example2.com www.example2.com"
Hello Jesse. Thank you very much for the help, with the description of the last codes I learned to solve my problem. I didn't want to update ispConfig because ssl was not working properly, it was always a problem. I manually set this up and I don't want the update to ruin everything. (Of course, I can back up) But since I do not have the transparency of the whole ispconfig, I manually set up the right foods. Thank you for your help, a good priest is learning to die.
