Secure /admin-toaster/: Difference between revisions

From QmailToaster
Jump to navigation Jump to search
No edit summary
No edit summary
Tag: Manual revert
 
(18 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[Configuration#Secure_Qmail_web_administration|Back]]<br>
[[Configuration#Secure_/admin-toaster/|Back]]<br>


= Secures qmailadmin, vqadmin, qmailmrtq, and isoqlog =
= Secures qmailadmin, vqadmin, qmailmrtq, and isoqlog, SSL & aclnet (modify aclnet to suit)=
Change /admin-toaster/ admin password
# htpasswd -b /usr/share/toaster/include/admin.htpasswd admin 'password'


Secure /admin-toaster/
# cat > temp.txt << __EOF__
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
Define aclnet "192.168.2.0/24 192.168.9.0/24 127.0.0.1"
__EOF__<br>
# mv /etc/httpd/conf/toaster.conf /etc/httpd/conf/toaster.conf.bak
# sed -e '$r /etc/httpd/conf/toaster.conf.bak' temp.txt > /etc/httpd/conf/toaster.conf
# remove temp.txt
# cat /etc/httpd/conf/toaster.conf
<pre>
<pre>
  RewriteEngine On
  RewriteEngine On

Latest revision as of 14:07, 19 October 2024

Back

Secures qmailadmin, vqadmin, qmailmrtq, and isoqlog, SSL & aclnet (modify aclnet to suit)

Change /admin-toaster/ admin password

# htpasswd -b /usr/share/toaster/include/admin.htpasswd admin 'password'

Secure /admin-toaster/

# cat > temp.txt << __EOF__
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
Define aclnet "192.168.2.0/24 192.168.9.0/24 127.0.0.1"
__EOF__
# mv /etc/httpd/conf/toaster.conf /etc/httpd/conf/toaster.conf.bak # sed -e '$r /etc/httpd/conf/toaster.conf.bak' temp.txt > /etc/httpd/conf/toaster.conf # remove temp.txt # cat /etc/httpd/conf/toaster.conf
 RewriteEngine On
 RewriteCond %{HTTPS} !=on
 RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
 Define aclnet "172.16.1.0/24 192.168.9.0/24 127.0.0.1"
 <IfModule mod_alias.c>
    ScriptAlias /mail/ /usr/share/toaster/cgi-bin/
    Alias /admin-toaster /usr/share/toaster/htdocs/admin/
    Alias /stats-toaster/ /usr/share/toaster/htdocs/mrtg/
    Alias /images-toaster/ /usr/share/toaster/htdocs/images/
    Alias /scripts/ /usr/share/toaster/htdocs/scripts/
    Alias /qmailadmin /usr/share/qmailadmin/
 </IfModule>
 <Directory /usr/share/qmailadmin>
    AddHandler cgi-script .cgi
    AddHandler cgi-script qmailadmin
    DirectoryIndex index.cgi qmailadmin index.html
    Options +Indexes +FollowSymLinks +ExecCGI
    <RequireAll>
    Require ip ${aclnet}
    </RequireAll>
 </Directory>
 <Directory /usr/share/toaster/htdocs>
    Options -Indexes +FollowSymLinks +MultiViews
    AllowOverride All
    <RequireAll>
    Require ip ${aclnet}
    </RequireAll>
 </Directory>
 <Directory /usr/share/toaster/htdocs/admin>
    <RequireAll>
    AuthType Basic
    AuthName "Qmail Toaster v. 1.3 Admin"
    AuthUserFile /usr/share/toaster/include/admin.htpasswd
    Require valid-user
    Require ip ${aclnet}
    </RequireAll>
 </Directory>
 <Directory /usr/share/toaster/htdocs/mrtg>
    AllowOverride All
    <RequireAll>
    AuthType Basic
    AuthName "Qmail Toaster v. 1.3 Admin"
    AuthUserFile /usr/share/toaster/include/admin.htpasswd
    Require valid-user
    Require ip ${aclnet}
    </RequireAll>
 </Directory>
 <Directory /usr/share/toaster/cgi-bin/vqadmin>
    AllowOverride All
    Options ExecCGI
    <RequireAll>
    AuthType Basic
    AuthName "Qmail Toaster v. 1.3 Admin"
    AuthUserFile /usr/share/toaster/include/admin.htpasswd
    require valid-user
    Require ip ${aclnet}
    </RequireAll>
 </Directory>
 <Directory /usr/share/toaster/cgi-bin>
    AllowOverride All
    Options ExecCGI
    <RequireAll>
    Require ip ${aclnet}
    </RequireAll>
 </Directory>