cPanel/Webmail/WHM disable SNI redirect

S

sparek-3

Well-Known Member
Aug 10, 2002
2,138
260
388
cPanel Access Level
Root Administrator
Is there a convenient way to disable the SNI redirect for cPanel access?

I would prefer to just have http://example.tld/cpanel redirect to https://hostname:2083 regardless if example.tld has a valid secure certificate or not.
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,258
463
Hello,

The following option is available under the "Redirection" tab in "WHM >> Tweak Settings":

Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs. Formerly known as “Always redirect to SSL/TLS”

You could disable this option, and then configure "Non-SSL redirect destination" to the server's hostname. Note that you'd need to make sure "Require SSL for cPanel Services" is enabled under the "Security" tab in "WHM >> Tweak Settings".

Thank you.
 
S

sparek-3

Well-Known Member
Aug 10, 2002
2,138
260
388
cPanel Access Level
Root Administrator
Well, if you do that, then the cPanel services can be accessed non-securely.

If Non-SSL redirect destination is set to Hostname, then http://example.tld/cpanel is just going to redirect to http://server.hostname.tld:2082. And if port 2082 is firewalled off, then this connection will fail.

How I patched this for my needs, I created a new redirect script in cgi-sys to automatically redirect to the server's hostname for each service. Then created new ScriptAliasMatch directives in Apache before cPanel's ScriptAliasMatch's to intercept this and force a redirect to these custom cgi-sys redirects.

This seems to work for my purposes, which doesn't appear to be a major issue for most other people.

I really just liked the old way cPanel did this, when this feature was called "Always redirect to SSL/TLS". Using SNI for the cPanel service ports always seemed to be an unnecessary extra step. Since HTTP supports redirection (unlike IMAP, POP, and SMTP) going to http://example.tld/cpanel could always redirect to an appropriately secured URL (like a server's hostname).
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,258
463
sparek-3 said:
Well, if you do that, then the cPanel services can be accessed non-securely.
Click to expand...
That shouldn't happen as long as you leave "Require SSL for cPanel Services" enabled under the "Security" tab in "WHM >> Tweak Settings". It worked as intended when testing the behavior on a test system. That said, you may encounter issues if you have port 2082 blocked in your firewall.

Thank you.
 
S

sparek-3

Well-Known Member
Aug 10, 2002
2,138
260
388
cPanel Access Level
Root Administrator
Ah, OK. Blocking port 2082 and the other non-secure cPanel services ports was the issue here.

Still debating on whether I like this solution or my custom solution better.
 
  • Like
Reactions: cPanelMichael
K

ksechrist

Active Member
Jan 27, 2019
39
8
8
Texas
cPanel Access Level
Root Administrator
oops.. sorry, posted to wrong thread!
 
Last edited:
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
C how do clients park a domain on cpanel? Domain Management 2
B WHM/cPanel/Webmail not accessible but IP&hostname+Port works Domain Management 3
B In Progress [CPANEL-30925] /webmail redirect Domain Management 19
T Change user or domain /cpanel /webmail /whm redirection Domain Management 5
M Redirect /webmail /cpanel /whm Domain Management 1
Similar threads
how do clients park a domain on cpanel?
WHM/cPanel/Webmail not accessible but IP&hostname+Port works
In Progress [CPANEL-30925] /webmail redirect
Change user or domain /cpanel /webmail /whm redirection
Redirect /webmail /cpanel /whm
Top Bottom