Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Keep Webmail Feature but remove public login via browser

Discussion in 'E-mail Discussion' started by durangod, Oct 18, 2018.

  1. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    448
    Likes Received:
    27
    Trophy Points:
    78
    cPanel Access Level:
    Website Owner
    Hi,

    I dont want to remove the webmail feature as i want to still use the internal email accounts. But what i would like to do is to remove the public web login for webmail (i think its port 2095).

    I just want to access the webmail through cPanel only and not directly via broswer. How do i restrict or block that webmail login page?

    Can i just block 2095 in the csf firewall?

    thanks :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 durangod, Oct 18, 2018
    Last edited: Oct 19, 2018
  2. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    448
    Likes Received:
    27
    Trophy Points:
    78
    cPanel Access Level:
    Website Owner
    Ok ill try to block it in the csf like so

    Code:
    iptables -A INPUT -p tcp --dport 2095 -j DROP
    iptables -A INPUT -p tcp --dport 2096 -j DROP
    
    i have also removed 2095 and 2096 from the ip section in csf

    i also restarted csf and lfd but i can still bring up the browser page for 2096

    anyone got an idea how to block this access? thanks
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 durangod, Oct 19, 2018
    Last edited: Oct 19, 2018
  3. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    448
    Likes Received:
    27
    Trophy Points:
    78
    cPanel Access Level:
    Website Owner
    well that effort didnt work with the ip tables, it still comes up no matter what. Boy i sure would like to stop that webmail page from loading, i have never ever accessed webmail that way and i dont plan to. And this is only me on the server, no other users.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    448
    Likes Received:
    27
    Trophy Points:
    78
    cPanel Access Level:
    Website Owner
    Update and plan b to this... i thought well if i can find the template or html file ill just comment out the login inputs and that will take care of that issue, no inputs no cracking... So basically you break it to secure it.

    one step closer i found the html login page and commented out the login inputs to test to see if this was the right file and clear CF cache but still nothing the page still loads.

    why would there be a webmail login html file if its not used wth... Maybe there is whm cache of some kind. Do i need to clear some whm cache?

    the file is in /usr/local/cpanel/base/unprotected and its called login_webmaild.html as far as i know this has to be the right file for the webmail login page for public..
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    448
    Likes Received:
    27
    Trophy Points:
    78
    cPanel Access Level:
    Website Owner
    ok here we go how does this look....

    nowebmailforyou.jpg

    so no inputs means no access authorized or not... thats what we want...


    Basically cpanel uses one file for all login page content, they just pick and choose the words used depending on the access (ie whm, webmail, cpanel), i dont know what language that is being used with the html but i was able to figure out how to use it rather quickly with my coding experience. If someone knows what language that is tell me as i would be interested in learning it. Is that java?

    I just added and if statement around the inputs and gave it an else. At first i did not plan to have an else statement but since js autofocuses on the id="user" and without it, it gives an error that it cant focus. So i just gave it what it wanted (something with an id of user) and that is my (else) div id. So that took care of the js requirement and no more error.

    So to show you the page source ill show you that section of this on the page source. If i knew what language this was i could put the comments so they dont show on the source but i tried using # for comments and did not work. So i used html comment code...

    nowebmailforyou_source.jpg

    and then here is the file that i changed. Now i assume ill have to redo this every time there is a whm update but its worth it to me. On day maybe cPanel will have some feature added where we can turn off login to public webmail and we wont have to edit core files. :)

    Just so i dont show too much of the file here ill just show my part that i edited. It starts at line 174 which is the beginning of the form.

    /usr/local/cpanel/base/unprotected/cpanel/templates/login.tmpl

    I did test this and it does allow login to cpanel and whm, just not webmail...

    here is my code.

    HTML:
                               <form novalidate id="login_form" action="/login/" method="post" target="[% login_target %]" style="visibility:[% linked_users.size ? 'hidden' : '' %]">
    
    <!-- modifed by dave to prevent login on webmail browser page that faces public added if code   -->
                                    [% IF app_name != "webmaild" %]
    
                                    <div class="input-req-login"><label for="user">[% IF app_name=="webmaild" %][% locale.maketext('Email Address') %][% ELSE %][% locale.maketext('Username') %][% END %]</label></div>
                                    <div class="input-field-login icon username-container">
                                        <input name="user" id="user" autofocus="autofocus" value="[% user.html() %]" placeholder="[% IF app_name=="webmaild" %][% locale.maketext('Enter your email address.') %][% ELSE %][% locale.maketext('Enter your username.') %][% END %]" class="std_textbox" type="text" [% allow_login_autocomplete ? '' : 'autocomplete="off"' %] tabindex="1" required>
                                    </div>
    
    <!-- this end code added by dave -->
                                     [% ELSE %] <div id="user"> <span>[% locale.maketext('Sorry not authorized - move on please !') %]</span></div>
                                      [% END %]
    <!-- end of username input mod -->
    
    <!-- modifed by dave to prevent login on webmail browser page that faces public added if code   -->
                                    [% IF app_name != "webmaild" %]
    
    
                                    <div class="input-req-login login-password-field-label"><label for="pass">[% locale.maketext('Password') %]</label></div>
                                    <div class="input-field-login icon password-container">
                                        <input name="pass" id="pass" placeholder="[% IF app_name=="webmaild" %][% locale.maketext('Enter your email password.') %][% ELSE %][% locale.maketext('Enter your account password.') %][% END %]" class="std_textbox" type="password" tabindex="2" [% allow_login_autocomplete ? '' : 'autocomplete="off"' %] required>
                                    </div>
    
    <!-- this end code added by dave -->
                                      [% END %]
    <!-- end of username input mod -->
    
    
    
                                    <div class="controls">
                                        <div class="login-btn">
    <!-- modifed by dave to prevent login on webmail browser page that faces public added if code   -->
                                    [% IF app_name != "webmaild" %]
    
    
                                            <button name="login" type="submit" id="login_submit" tabindex="3">[% locale.maketext('Log in') -%]</button>
    
    <!-- this end code added by dave -->
                                      [% END %]
    <!-- end of username input mod -->
    
    
                                        </div>
    
    and here is the file:
     

    Attached Files:

    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 durangod, Oct 22, 2018
    Last edited: Oct 22, 2018
  6. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,890
    Likes Received:
    91
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    The simple way is to remove ports 2095 and 2096 from the csf.conf file and allow ports 2095 and 2096 ports to your machine's public IP only in the csf.allow section
    -------------- --------------
    tcp|in|d=2095|d=xx.xx.xx.xx
    tcp|in|d=2096|d=xx.xx.xx.xx
    -------------- --------------
    replace xx.xx.xx.xx with your static IP from where you want to access it..
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    448
    Likes Received:
    27
    Trophy Points:
    78
    cPanel Access Level:
    Website Owner
    Hi, thanks for the reply.... thats one of the main challenges is that i dont have a static ip and it costs $500 to get one from verizon. So i needed to find another solution, im not a big fan of modding core files but its all i had to go on for now.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,161
    Likes Received:
    474
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @durangod


    Because accessing webmail uses that page even when you access through cPanel you removing that page wouldn't be possible. You could disable webmail which wouldn't affect your mail client, you could also close 2096/2095 but that would disable webmail as well.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice