Secure admin panel

**Nuxwin** · Mar 22nd 2013

Quote from Ninos

Some people want to secure their admin panel. That means prevent automatical redirects to the login panel when browsing non existing subdomains oder ip of the server. Here's a howto, to solve this problem. (for debian squeeze, should be work with other dist)

go to /etc/imscp/apache/

edit 00_master_fcgi.conf and 00_master_itk.conf
Before the first VirtualHost
set:

Code

<VirtualHost {BASE_SERVER_IP}:80> DocumentRoot {APACHE_WWW_DIR}/default</VirtualHost>

edit 00_master_ssl_fcgi.conf and 00_master_ssl_itk.conf
Before the first VirtualHost
set:

Code

<VirtualHost {BASE_SERVER_IP}:443> # # SSL Start # SSLEngine On SSLCertificateFile {GUI_CERT_DIR}/{SERVER_HOSTNAME}.pem SSLCertificateKeyFile {GUI_CERT_DIR}/{SERVER_HOSTNAME}.pem SSLCertificateChainFile {GUI_CERT_DIR}/{SERVER_HOSTNAME}.pem # # SSL End # DocumentRoot {APACHE_WWW_DIR}/default</VirtualHost>

Now create a folder /var/www/virtual/default and create there an index.html or a .htaccess for redirect to another domain..

generate new config files and restart the services

Code

perl /var/www/imscp/engine/setup/imscp-setup

If you want to prevent the redirects /pma /imscp /webmail and /ftp you can solve it in this way..
go to /etc/imscp/apache/parts/
edit there all existing config-files with the lines RedirectMatch and exclude this lines with #

Code

RedirectMatch permanent ^/ftp[\/]?$RedirectMatch permanent ^/pma[\/]?$RedirectMatch permanent ^/webmail[\/]?$RedirectMatch permanent ^/imscp[\/]?$

generate new config files and restart the services

Code

perl /var/www/imscp/engine/setup/imscp-setup

PS: maybe the devs can include it in the next version of i-mscp

Display More

Re ;

I'll include it if you want in my next commit. Anyway, some review should be made here since BASE_SERVER_IP doesn't cover all situation.

Thanks you for using i-MSCP.

mafioso · Mar 22nd 2013

Sure, that would be very great! :))

**fulltilt** · Mar 22nd 2013

this would be nice, but also it would be better if PMA and Web-FTP could be reachable w/ ControlPanel session only
many thanks nuxwin, great work !!!

**Nuxwin** · Mar 22nd 2013

Quote from fulltilt

this would be nice, but also it would be better if PMA and Web-FTP could be reachable w/ ControlPanel session only
many thanks nuxwin, great work !!!

Hello ;

No We will not do that. Both PMA and filemanager provide their own authentication layer. I don't really understand why you want do such thing.

Thanks you for using i-MSCP.

**fulltilt** · Mar 30th 2013

Quote from Nuxwin

No We will not do that. Both PMA and filemanager provide their own authentication layer. I don't really understand why you want do such thing.

OK, but what do you think about Captcha for all the Login Pages also for ControlPanel?

**Cool** · Mar 30th 2013

you as server-admin can + any security (often just obscurity no real security) at any time. this is not relaying on i-mscp and goes allways into your first
security planning for your very own security policy.

**Mutschas** · Dec 27th 2013

Hi,

will /webmail /pma etc still work, if the user is at the fully qualified domain? I mean where the i-MSCP login panel is?

Thanks.

mafioso · Dec 28th 2013

Yes sure, this config just catch not defined urls and shows for them the configured default server page. Atm you get the control panel, if you type a not used subdomain or ip of the server. The defined urls (defined link to control panel, domains, subdomains...) should still work like before.

mafioso · Jan 15th 2014

A little question to Nuxwin

Is it still plant to implement this feature into imscp, because the status was changed into "In Progress" before some months but there was no change. It's just a question, so don't feel stressed

**Nuxwin** · Jan 15th 2014

Hello ;

I'll provide an hook file for that. I've an idea to do it with only one rewrite rule

Secure admin panel

Share

Similar Threads

Using certbot besides i-MSCP

Daily visitors