Problem with non SSL login to WHM, CPANEL and WEBMAIL

mailo

Folks, I have this issue.

I followed the FAQ to disable non-SSL login to WHM / cPanel and webmail:

"Under 'Tweak Settings' in WHM, make sure the following option is selected:
Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc"


But I can still log in on the default HTTP connection without SSL.

Is there another tweak that overrides this option?

I'm using a wildcard SSL cert, and it is configured for all services in SSL Host, like *.domain.com
 

sparek-3

How are you logging on non-securely?

Using that option in tweak setting won't prevent someone from accessing the cPanel apps directly on the insecure ports (2082, 2085, 2095).

So if someone is visiting their control panel by specifically going to:

http://theirdomain.com:2082

Then this will work.

If you don't want the insecure ports to work, your best option is to use a firewall and block those ports. Then remind customers that they need to use http://theirdomain.com/cpanel for accessing their control panel.
 

sparek-3

This is using the cPanel proxy setup.

I don't recommend setting this up for each individual account on a server. Instead I recommend setting up a single cpanel subdomain account on the server and installing a certificate for that account. Then telling all of your users to access their control panel through this subdomain account. It's a bit easier to manage in my opinion.

For more information on this see my post:

http://forums.cpanel.net/showpost.php?p=429953&postcount=94

Otherwise, you would need to discuss this with the cPanel developers. Perhaps log some type of enhancement request.
 

sparek-3

I just realized that the post I referenced was for webmail. This can still work for cpanel; you just need to use a cpanel subdomain account and instead of:

Code:
http://127.0.0.1:2095/$1
use:

Code:
http://127.0.0.1:2082/$1
Port 2095 is for Webmail.

Port 2082 is for cpanel.

Port 2085 is for Webhost Manager.
 

mailo

Thanks a lot, but the problem continues. I was reading the httpd.conf configuration and made these changes:

# CPANEL/WHM/WEBMAIL/WEBDISK PROXY SUBDOMAINS
<VirtualHost 70.38.37.200:80 70.38.37.200:443 *>
ServerName pi.fribits.com
ServerAlias cpanel.* whm.* webmail.* webdisk.*
DocumentRoot /usr/local/apache/htdocs
ServerAdmin [email protected]
RewriteEngine On
RewriteCond %{HTTP_HOST} ^cpanel\. [NC]
RewriteRule ^/(.*) https://cpanel.fribits.com/$1
UseCanonicalName Off
</VirtualHost>

But it enters a loop. I need all cpanel.domain to go to cpanel.fribits.com, but with these sentences it loops.
 

sparek-3

You're entering an infinite loop because you are telling the server to redirect https://cpanel.fribits.com to https://cpanel.fribits.com

I don't know how you have this wildcard SSL set up. I have very limited experience with wildcard SSLs.

For one thing, you don't need to edit the httpd.conf file manually. Changes will get overwritten.

How I have done this in the past with a wildcard SSL was to create separate accounts.

cpanel.fribits.com
whm.fribits.com
webmail.fribits.com

Each with their own IP address. Each set up just like they were separate accounts.

Then install the certificate for cpanel.fribits.com using the wildcard SSL certificate.

Then install the certificate for whm.fribits.com using the wildcard SSL certificate.

etc.

Then follow the instructions as laid out in the thread I referenced above.

In order for you to do this, it looks like you will have to unpark cpanel.fribits.com, whm.fribits.com, webmail.fribits.com, and webdisk.fribits.com for this to work (or however the line ServerAlias cpanel.* whm.* webmail.* webdisk.* came to be in your config file -- again, limited experience working with wildcard certificates)
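
The redirect loop discussed above, next to one way to break it, as an added example that is not part of the original posts and not cPanel's own configuration. It shows only the redirect portion of the proxy vhost and assumes that the :443 listener of that vhost terminates TLS and that mod_rewrite's %{HTTPS} variable is available; the hostnames and IP address are the ones quoted in the thread.

```apache
# Added example: redirect portion of the thread's proxy-subdomain vhost.
<VirtualHost 70.38.37.200:80 70.38.37.200:443>
    ServerName pi.fribits.com
    ServerAlias cpanel.*
    UseCanonicalName Off
    RewriteEngine On

    # Looping form from the question: cpanel.fribits.com itself matches
    # ^cpanel\. so the redirect target is redirected to itself again.
    #   RewriteCond %{HTTP_HOST} ^cpanel\. [NC]
    #   RewriteRule ^/(.*) https://cpanel.fribits.com/$1

    # Corrected form: redirect a cpanel.* request only when it is NOT
    # already HTTPS on the canonical host. The three conditions evaluate
    # as: cond1 AND (cond2 OR cond3).
    RewriteCond %{HTTP_HOST} ^cpanel\. [NC]
    # cond2: the request arrived over plain HTTP ...
    RewriteCond %{HTTPS} !=on [OR]
    # cond3: ... or the host is not cpanel.fribits.com (optional :port).
    RewriteCond %{HTTP_HOST} !^cpanel\.fribits\.com(:[0-9]+)?$ [NC]
    # Explicit external redirect; L stops further rule processing.
    RewriteRule ^/(.*)$ https://cpanel.fribits.com/$1 [R=301,L]
</VirtualHost>
```

A request for https://cpanel.fribits.com/ fails both cond2 and cond3, so it is served instead of redirected, while http://cpanel.fribits.com/ and cpanel.<anything else> on either scheme are sent to the HTTPS canonical host once.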