Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

cPanel/Webmail/WHM disable SNI redirect

Discussion in 'General Discussion' started by sparek-3, Feb 5, 2018.

  1. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,799
    Likes Received:
    131
    Trophy Points:
    343
    cPanel Access Level:
    Root Administrator
    Is there a convenient way to disable the SNI redirect for cPanel access?

    I would prefer to just have http://example.tld/cpanel redirect to https://hostname:2083 regardless if example.tld has a valid secure certificate or not.
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,442
    Likes Received:
    1,961
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    The following option is available under the "Redirection" tab in "WHM >> Tweak Settings":

    Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs. Formerly known as “Always redirect to SSL/TLS”

    You could disable this option, and then configure "Non-SSL redirect destination" to the server's hostname. Note that you'd need to make sure "Require SSL for cPanel Services" is enabled under the "Security" tab in "WHM >> Tweak Settings".

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,799
    Likes Received:
    131
    Trophy Points:
    343
    cPanel Access Level:
    Root Administrator
    Well, if you do that, then the cPanel services can be accessed non-securely.

    If Non-SSL redirect destination is set to Hostname, then http://example.tld/cpanel is just going to redirect to http://server.hostname.tld:2082. And if port 2082 is firewalled off, then this connection will fail.

    How I patched this for my needs, I created a new redirect script in cgi-sys to automatically redirect to the server's hostname for each service. Then created new ScriptAliasMatch directives in Apache before cPanel's ScriptAliasMatch's to intercept this and force a redirect to these custom cgi-sys redirects.

    This seems to work for my purposes, which doesn't appear to be a major issue for most other people.

    I really just liked the old way cPanel did this, when this feature was called "Always redirect to SSL/TLS". Using SNI for the cPanel service ports always seemed to be an unnecessary extra step. Since HTTP supports redirection (unlike IMAP, POP, and SMTP) going to http://example.tld/cpanel could always redirect to an appropriately secured URL (like a server's hostname).
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,442
    Likes Received:
    1,961
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    That shouldn't happen as long as you leave "Require SSL for cPanel Services" enabled under the "Security" tab in "WHM >> Tweak Settings". It worked as intended when testing the behavior on a test system. That said, you may encounter issues if you have port 2082 blocked in your firewall.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,799
    Likes Received:
    131
    Trophy Points:
    343
    cPanel Access Level:
    Root Administrator
    Ah, OK. Blocking port 2082 and the other non-secure cPanel services ports was the issue here.

    Still debating on whether I like this solution or my custom solution better.
     
    cPanelMichael likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice