Restricting ISPConfig and PhpMyAdmin to certain domain/IP.

Discussion in 'Installation/Configuration' started by Gert, Feb 1, 2018.

  1. Gert

    Gert New Member

    Hello,
    I did a site security test on one of my domains. I got a lot of security issues saying that you can access ISPConfig and PhpMyAdmin directly with the domain. The same goes for ports 8080 and 8081.
    Is there a way to restrict access to both to certain domain(s)/IP(s)? Or what should I change?
    Using: Ubuntu 14.04 and Apache2
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    That is no security issue. Probably the tool you used for the test just did not handle that correctly and showed you false positives. If you access ispconfig through the server hostname or through another domain name that points to the server, it makes no difference security-wise; it is just not useful to access it through a website domain directly, as you will get an SSL failure of course.

    Same with phpmyadmin.

    If you don't want to have a global alias for phpmyadmin on your server, then remove that from the apache phpmyadmin.conf file.

    And ISPConfig itself is a port-based vhost, so you can't hide that easily. One way might be to change the port of the ispconfig vhost to 443 and add a ServerName in the vhost, so you then get a name-based vhost instead of a port-based one.
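
The two changes suggested in the reply above, sketched as an Apache 2.4 configuration with the IP restriction the question asks about. This is an added example, not part of the thread and not ISPConfig's shipped configuration; the hostname `panel.example.com`, the certificate paths, the `203.0.113.0/24` range and the `/usr/share/phpmyadmin` alias target are assumptions to replace with your own values.

```apache
# --- phpmyadmin.conf (global scope) ---------------------------------------
# Before: a global alias makes /phpmyadmin reachable on every vhost/domain.
#   Alias /phpmyadmin /usr/share/phpmyadmin      # assumed package default
# After: comment the global Alias out here and declare it only inside the
# panel vhost below. Leave the <Directory> block of this file in place.

# --- ISPConfig vhost --------------------------------------------------------
# Before: port-based vhost. It answers on its port for ANY name or IP that
# reaches the server, which is what the scan reported:
#   <VirtualHost _default_:8080>
#
# After: name-based vhost on 443 with an explicit ServerName.
<VirtualHost *:443>
    ServerName panel.example.com                 # placeholder hostname

    SSLEngine on
    SSLCertificateFile    /path/to/panel.example.com.crt   # placeholder
    SSLCertificateKeyFile /path/to/panel.example.com.key   # placeholder

    # Keep the existing DocumentRoot and PHP handler directives of the
    # ISPConfig vhost here unchanged.

    # phpMyAdmin is now reachable only under this hostname.
    Alias /phpmyadmin /usr/share/phpmyadmin      # assumed install path

    # Restrict the whole vhost (panel and phpMyAdmin) to trusted sources.
    # <Location> is merged after <Directory>, so this replaces any
    # "Require all granted" set for the same paths.
    <Location />
        Require ip 203.0.113.0/24                # placeholder admin range
        Require ip 127.0.0.1
    </Location>
</VirtualHost>
```

Apache serves requests for unmatched names from the first vhost defined for an address and port, so make sure another vhost is the default on `*:443`, otherwise the panel still answers for every domain. Run `apache2ctl configtest` before reloading, and drop the `Listen` line for the old port if nothing else uses it.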
     