[Case 46364] Problem with "Require SSL for all remote logins to cPanel ..."

FreedomBI

Well-Known Member
Jul 7, 2008
65
0
56
I have come across a problem with the security setting "Require SSL for all remote logins to cPanel, WHM and Webmail. This setting is recommended." With webmail, it always tries to redirect to port 2096. Eg, if you have example.com and go to https://webmail.example.com, it will try to redirect you to https://webmail.example.com:2096 even though it's already using SSL. This results in users behind a firewall being unable to access webmail. Turning off this option restores normal functionality.

I have only tried this with webmail. I haven't tried cpanel or whm.
 

thewebhosting

Well-Known Member
May 9, 2008
1,199
1
68
If you wish to disable this feature then you can disable it from WHM -> Tweak settings -> Redirection -> Unselect the option "Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc."
 

FreedomBI

Well-Known Member
Jul 7, 2008
65
0
56
"Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc." has no effect on this. With this disabled and "Require SSL for all remote logins..." enabled, the problem still occurs. It does not occur with "Always redirect" on and "Require SSL" off.
 

cPanelDon

cPanel Quality Assurance Analyst
Staff member
Nov 5, 2008
2,545
12
268
Houston, Texas, U.S.A.
cPanel Access Level
DataCenter Provider
Twitter
I believe the intended behavior is that of redirecting to the SSL port; however, I see the noted scenario is when using an SSL virtual host in Apache with the proxy sub-domains feature. Please consider submitting a support request so we may inspect and verify the specific circumstances and assist with investigating the issue; when available, please PM me the ticket ID number so I may follow-up internally.
 

cPanelDon

cPanel Quality Assurance Analyst
Staff member
Nov 5, 2008
2,545
12
268
Houston, Texas, U.S.A.
cPanel Access Level
DataCenter Provider
Twitter
Was there ever a resolution for this problem?

Tom
To the best of my knowledge the difficulty that was initially described should be fully alleviated. Upon testing, using cPanel version 11.25.1-EDGE_47010 and Apache version 2.2.15, I was unable to reproduce a scenario where SSL access to the webmail proxy sub-domain triggered a visible redirect to SSL port 2096 for webmail. I tested with "Always redirect to SSL" both enabled (On) and disabled (Off), each time with "Require SSL" enabled (On).

Are you currently seeing behavior different than what I've described above or are you experiencing any difficulty accessing services via the applicable proxy sub-domain?
 

cPanelDon

cPanel Quality Assurance Analyst
Staff member
Nov 5, 2008
2,545
12
268
Houston, Texas, U.S.A.
cPanel Access Level
DataCenter Provider
Twitter
Friendly Moderator Note

Was there ever a resolution for this problem?

Tom
Are you currently seeing behavior different than what I've described above or are you experiencing any difficulty accessing services via the applicable proxy sub-domain?
Before posting I did not yet see the separate thread that you started; however, after reviewing the information posted there I believe it may be a different issue at the root of the symptoms. Please refer to my reply posted within your new thread. To prevent confusion with the older inquiry please continue applicable discussion in the newer thread that is dedicated to your unique circumstances. Thank you for your understanding. :)
 

Infopro

Well-Known Member
May 20, 2003
17,090
519
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
Important cPanel/WHM Version Number Designation Change

Please Note: Important cPanel/WHM Version Number Designation Change

As of July 28, 2010 the cPanel/WHM version number designations have been officially changed.

Version 11.25.1 is now designated 11.28 and version 11.25.2 is now designated 11.30.

These new changes were explained in some detail recently at the July 2010 - Quarterly Road map - Webinar direct from cPanel's PodCast Studio in Houston, Texas with speakers David Grega and Mario Rodriguez.

An official press release about these changes is forthcoming and can be accessed at this link as soon as it's made available to the Forum Team:
Important cPanel/WHM Version Number Designation Change (To be updated)

This post serves to update users who are subscribed to threads (where this message is posted) looking forward to upcoming enhancements in future versions of cPanel.
 

JaredR.

Well-Known Member
Feb 25, 2010
1,834
24
143
Houston, TX
cPanel Access Level
Root Administrator
re: [Case 46364] Problem with "Require SSL for all remote logins to cPanel ..."

The only method to avoid this, at this time, is to disable Require SSL in Main >> Server Configuration >> Tweak Settings. This setting is under the Security tab.

A request to change this behavior and cause proxy subdomains to work through the SSL ports has already been filed with our developers. There is no estimated time for when this will be changed, but it is being considered for a future version. The case number is 46364, and the case number will be mentioned in the changelog when a change affecting this behavior is published in a public build.
 

manokiss

Well-Known Member
Mar 31, 2002
576
1
318
Re: [Case 46364] Problem with "Require SSL for all remote logins to cPanel

Im on WHM 11.30.3 (build 5) and im having this problem yet. I have:

Always redirect to SSL: On
Non-SSL redirect destination: hostname
SSL redirect destination: SSL Certificate Name

It continue showing the "Log in using SSL" link when i go to webmail.dom.com. When i click on it it redirecting to the port 2096 (for webmail for example).

I did tes in one domain running /scripts/proxydomains for that domain specifically, nothing has changed.

Any idea? I have the same problem in all the servers i have.

Thanx in advance!