cPanel/Webmail/WHM disable SNI redirect

Discussion in 'General Discussion' started by sparek-3, Feb 5, 2018.

  1. sparek-3

    sparek-3 Well-Known Member

    Is there a convenient way to disable the SNI redirect for cPanel access?

    I would prefer to just have http://example.tld/cpanel redirect to https://hostname:2083 regardless of whether example.tld has a valid secure certificate or not.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    The following option is available under the "Redirection" tab in "WHM >> Tweak Settings":

    Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs. Formerly known as “Always redirect to SSL/TLS”

    You could disable this option, and then configure "Non-SSL redirect destination" to the server's hostname. Note that you'd need to make sure "Require SSL for cPanel Services" is enabled under the "Security" tab in "WHM >> Tweak Settings".

    Thank you.
     
  3. sparek-3

    sparek-3 Well-Known Member

    Well, if you do that, then the cPanel services can be accessed non-securely.

    If Non-SSL redirect destination is set to Hostname, then http://example.tld/cpanel is just going to redirect to http://server.hostname.tld:2082. And if port 2082 is firewalled off, then this connection will fail.

    Here is how I patched this for my needs: I created a new redirect script in cgi-sys to automatically redirect to the server's hostname for each service. Then I created new ScriptAliasMatch directives in Apache before cPanel's ScriptAliasMatch directives to intercept this and force a redirect to these custom cgi-sys redirects.

    This seems to work for my purposes, which doesn't appear to be a major issue for most other people.

    I really just liked the old way cPanel did this, when this feature was called "Always redirect to SSL/TLS". Using SNI for the cPanel service ports always seemed to be an unnecessary extra step. Since HTTP supports redirection (unlike IMAP, POP, and SMTP), going to http://example.tld/cpanel could always redirect to an appropriately secured URL (like a server's hostname).
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    That shouldn't happen as long as you leave "Require SSL for cPanel Services" enabled under the "Security" tab in "WHM >> Tweak Settings". It worked as intended when testing the behavior on a test system. That said, you may encounter issues if you have port 2082 blocked in your firewall.

    Thank you.
     
  5. sparek-3

    sparek-3 Well-Known Member

    Ah, OK. Blocking port 2082 and the other non-secure cPanel services ports was the issue here.

    Still debating on whether I like this solution or my custom solution better.
     
    cPanelMichael likes this.
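The redirect outcomes discussed in this thread can be told apart by auditing the chain of `Location` targets a client receives for `http://example.tld/cpanel`. The following is an added example, not code from any poster or from cPanel: the function names and verdict strings are hypothetical, the sample chains are constructed from the URLs in the thread, and the intermediate hop from port 2082 to 2083 is an assumption about how "Require SSL for cPanel Services" behaves.

```python
from urllib.parse import urlsplit

# Cleartext cPanel/WHM/Webmail ports and their TLS counterparts.
CLEARTEXT_TO_TLS = {2082: 2083, 2086: 2087, 2095: 2096}

def classify_hop(location, server_hostname):
    """Classify one redirect target (a Location header value)."""
    try:
        url = urlsplit(location)
        port = url.port          # raises ValueError on a malformed port
    except ValueError:
        return "invalid"
    host = (url.hostname or "").lower()
    if url.scheme not in ("http", "https") or not host:
        return "invalid"
    if url.scheme == "http":
        return "cleartext"       # credentials would cross the wire unencrypted
    if port not in CLEARTEXT_TO_TLS.values():
        return "unexpected-port"
    # TLS on a service port: is the name the hostname or the customer domain?
    return "tls-hostname" if host == server_hostname.lower() else "tls-other-name"

def audit_chain(hops, server_hostname, blocked_ports=()):
    """Walk redirect targets in order and report where the client ends up."""
    verdict = "no-redirect"
    for location in hops:
        verdict = classify_hop(location, server_hostname)
        if verdict == "invalid":
            return verdict
        if urlsplit(location).port in blocked_ports:
            return "fails-at-firewall"   # client never reaches the next hop
    return verdict

HOSTNAME = "server.hostname.tld"  # constructed sample values below
SNI_REDIRECT = ["https://example.tld:2083"]
VIA_2082 = ["http://server.hostname.tld:2082", "https://server.hostname.tld:2083"]
NO_REQUIRE_SSL = ["http://server.hostname.tld:2082"]
DIRECT_TO_HOSTNAME = ["https://server.hostname.tld:2083"]

if __name__ == "__main__":
    print("SNI redirect:        ", audit_chain(SNI_REDIRECT, HOSTNAME))
    print("2082 open:           ", audit_chain(VIA_2082, HOSTNAME))
    print("2082 firewalled:     ", audit_chain(VIA_2082, HOSTNAME, {2082}))
    print("Require SSL disabled:", audit_chain(NO_REQUIRE_SSL, HOSTNAME))
    print("direct to hostname:  ", audit_chain(DIRECT_TO_HOSTNAME, HOSTNAME))
```

To audit a live server, collect the hops with `curl -sI` one request at a time and pass the `Location` values in order.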