Forum

This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.
Sentora Support Forums Sentora Forum Archives Sentora Public Support Forums v1.0.x Community Guides & How-To's v1.0.x v Using Custom Vhost Entries for Webmail, MySQL, Etc.

Using Custom Vhost Entries for Webmail, MySQL, Etc.
iraqiboy90 Offline
Sentora Member
*
OS: Centos 7
Version: 1.0.3
Server: VPS
Posts: 65
Threads: 5
Joined: Nov 2014
Reputation: 2
Sex: Undisclosed
Thanks: 27
Given 8 thank(s) in 8 post(s)
#79
RE: Using Custom Vhost Entries for Webmail, MySQL, Etc.
 04-17-2020, 11:45 PM (This post was last modified: 04-17-2020, 11:49 PM by iraqiboy90.)
(10-22-2014, 05:52 AM)TGates Wrote: NOTICE: This could be vulnerable as the sub domains are not locked down using suhosin. Use at your own risk!

Hi
Is this still a possibility?

I used the following code to lock it down with a wildcard certificate I already use for the main domain, which works fine, visually. I also changed it to 443 on the first part and added an http to https redirect with the last part. Is there anything behind that scene about security this might affect?
Code:
</VirtualHost>
# Configuration for WebMail
<VirtualHost *:443>
ServerName webmail.somedomain.com
DocumentRoot "/etc/sentora/panel/etc/apps/webmail/"
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/etc/apps/webmail/">
Options +FollowSymLinks -Indexes
AllowOverride All
Require all granted
</Directory>
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/somedomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/somedomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/somedomain.com/chain.pem
# Keeping bellow for future upgrades.
# Requires Apache >= 2.4
SSLCompression off
</VirtualHost>

<virtualhost *:80>
ServerName webmail.somedomain.com
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]

Does adding this solves the issue?

Code:
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"
Also, do I need this?
Code:
php_admin_value open_basedir /var/sentora/temp/:/etc/sentora/panel/etc/apps/webmail:/var/sentora/logs/roundcube
Find
Reply
Thanks given by:


Messages In This Thread
RE: Using Custom Vhost Entries for Webmail, MySQL, Etc. - by iraqiboy90 - 04-17-2020, 11:45 PM

Possibly Related Threads…
Thread Author Replies Views Last Post
SSL and Custom Vhost Entries for Webmail etienne7702 5 14 ,463 03-08-2018, 09:54 PM
Last Post: etienne7702
How to overwrite default admin. vhost? NIicK 1 6 ,496 03-27-2016, 01:16 AM
Last Post: Me.B
Roundcube Webmail https path pthalmann 0 4 ,589 12-29-2014, 09:09 AM
Last Post: pthalmann

Forum Jump:


Users browsing this thread: 2 Guest(s)