The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Webmail Subdomain Question

Discussion in 'User Experience' started by marcelorp, Apr 28, 2015.

  1. marcelorp

    marcelorp Member

    Joined:
    Apr 27, 2015
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Brazil
    cPanel Access Level:
    Root Administrator
    Hello!

    I want to give to my customers an direct access to webmail, such as Roundcube or Horde, without going to CPanel login page, just to to Horde login page, for example, is that possible to do?

    I read in some website that enable the Proxy Domains is a security issue, but is there a way to use the WHM Subdomains, like: webmail, whm and others created in whm without activating the Proxy Domains?

    [Removed - Please attach directly to thread]
     
    #1 marcelorp, Apr 28, 2015
    Last edited by a moderator: Apr 28, 2015
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Proxy subdomains should work by default. You could provide your email users the following URL:

    Code:
    http://webmail.domain.com
    Or, simply add /webmail to the end of a domain name and the webmail interface will load.

    Thank you.
     
  3. marcelorp

    marcelorp Member

    Joined:
    Apr 27, 2015
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Brazil
    cPanel Access Level:
    Root Administrator
    But with proxy subdomain desactivated, is possible to provide webmail.domain.com or just with proxy?

    Is there a way to made webmail subdomain work without proxy? Or the proxy is not a security issue and I can enable that without problem?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    The security option I believe you are referring to is:

    "Cookie IP validation"

    Per it's description:

    Validate the IP addresses used in all cookie-based logins. This will limit the ability of attackers who capture cPanel session cookies to use them in an exploit of the cPanel or WebHost Manager interfaces. For this setting to have maximum effectiveness, proxydomains should also be disabled. Strict validation requires the current IP address and the cookie IP address to exactly match. Loose validation only requires they are in the same /24.

    It's common to see proxy subdomains enabled. I suggest enabling proxy subdomains rather than attempting to manually configure Apache to allow for it.

    Thank you.
     
  5. joako

    joako Well-Known Member

    Joined:
    Aug 7, 2003
    Messages:
    97
    Likes Received:
    2
    Trophy Points:
    8
    Proxy subdomains is a security issue and should be kept disabled until Cpanel is able to fix the security bugs.
     
Loading...

Share This Page