The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel SSL redirect confusion

Discussion in 'General Discussion' started by meeven, Nov 15, 2008.

  1. meeven

    meeven Well-Known Member

    Joined:
    May 8, 2007
    Messages:
    124
    Likes Received:
    0
    Trophy Points:
    16
    As one step in increasing security for my clients, I got an SSL cert for host.domain.com, thinking that I would use Tweak Settings in WHM to redirect all requests to /cpanel, /webmail etc to the secure port, https://host.domain.com/, the server's host name.

    I did this, but face the following problems:

    The new proxy domains feature (A records being automatically added for cpanel, whm, webmail and webdisk) sure helps people connecting from behind corporate firewalls where ports 2095, etc., may be blocked, but it doesn't help webmasters strictly enforce connecting through SSL.

    Purchasing wild card SSLs for each client's domain (to redirect the proxy domains to a secure connection) is expensive and the solution outlined in these forums to implement a chained SSL of some kind is complicated.

    Is there any way at all to ensure that all cPanel/WHM logins, including proxy domains, are redirected to a secure connection on https://host.domain.com/, the server's main host name?
     
    #1 meeven, Nov 15, 2008
    Last edited: Nov 15, 2008
  2. docbreed

    docbreed Well-Known Member

    Joined:
    Jul 18, 2005
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    6
    Anything on this? This actually has a 3 point hit in pci compliance per port, 12 points total. Greater then 4 fails compliance..
    webmail, cpanel, whm, webdisk



    WHM 11.23.2 cPanel 11.23.6-R27698
    CENTOS Enterprise 5.2 i686 on standard - WHM X v3.1.0
     
  3. docbreed

    docbreed Well-Known Member

    Joined:
    Jul 18, 2005
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    6
    ok so I updated to

    cPanel 11.24.2-C32318 - WHM 11.24.2 - X 3.9
    CENTOS 5.2 i686 on standard

    And cpanel/whm/webmail seemed to redirect to ssl w/out loopholes however
    the webdisk and port did not. Webdisk on port 2077 is open to none SSL is there any way to make this work like the other three?

    --Jeremy
     
  4. docbreed

    docbreed Well-Known Member

    Joined:
    Jul 18, 2005
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    6
    Ok so there is still a loop hole to login w/out SSL

    http://IP:2082 allows login w/out SSL How can we stop this????

    that or is there way to redirect all my ips (http:/ip:2082) to redirect to my hostname ssl w/in httpd.conf?
     
    #4 docbreed, Dec 13, 2008
    Last edited: Dec 13, 2008
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,449
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Look for the Redirection settings in Tweak Settings, WHM. I'm sure that's what you seek.
     
  6. docbreed

    docbreed Well-Known Member

    Joined:
    Jul 18, 2005
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    6
    Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc.
    CHECKED
    When visiting /cpanel or /whm or /webmail WITHOUT SSL, you can choose to redirect to:
    Hostname Origin Domain Name
    When visiting /cpanel or /whm or /webmail with SSL, you can choose to redirect to:
    SSL Certificate Name Hostname Origin Domain Name
    Redirect user to the following URL upon logout of the cPanel interface. A blank value specifies the default logout page.
    NONE

    and im still able to http: //domain.com:2082 2086 2092 or http: //IP:2082 2086 2092 w/out SSL
    if i type http: //domain.com/cpanel webmail whm it will redirect to https: //hostname like i want it to be. But i really need it ALL ports 2082 2086 2092 to be redirected to SSL hostname.
     
  7. docbreed

    docbreed Well-Known Member

    Joined:
    Jul 18, 2005
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    6
    I dont think it is much.

    If anything hits port 2095, on any of my ips, I want it to goto https: //hostname

    This has to go ssl and not clear text.

    Anyone?
     
  8. twhiting9275

    twhiting9275 Well-Known Member

    Joined:
    Sep 26, 2002
    Messages:
    538
    Likes Received:
    15
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Twitter:
    It's not.
    Unfortunately, CPanel is absolutely ridiculous about this, and PCI standards require logins to be sent over encrypted (ssl) layers.

    This can break PCI compliance, or cause it not to work at all.

    The only (possible) solution? Disable the non ssl ports, block them through the firewall, but even THEN, most PCI individuals can get through.

    Of course, this is CPanel's fault, adn CPanel should fix this problem, but they're not going to.
     
Loading...

Share This Page