Secure /admin-toaster/

From QmailToaster
Revision as of 12:51, 19 October 2024 by Ebroch (talk | contribs)


Secures qmailadmin, vqadmin, qmailmrtg, and isoqlog by forcing HTTPS and restricting access to the networks defined in aclnet.

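# Run as root. Prepends the HTTPS redirect and the aclnet definition to
# /etc/httpd/conf/toaster.conf, keeping the previous file as toaster.conf.bak.
#
# The heredoc delimiter is quoted so the shell writes $1 and %{...} literally.
# With an unquoted delimiter the shell expands $1 to an empty string, and the
# redirect would then drop the requested path.
#
# The aclnet networks are site-specific examples: list only your own trusted
# management networks before running this.
cat > temp.txt << '__EOF__'
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
Define aclnet "192.168.2.0/24 192.168.9.0/24 127.0.0.1"
__EOF__
# Keep the original as a backup, then write temp.txt followed by the backup's
# contents ('$r' reads the named file in after the last line of temp.txt).
mv /etc/httpd/conf/toaster.conf /etc/httpd/conf/toaster.conf.bak
sed -e '$r /etc/httpd/conf/toaster.conf.bak' temp.txt > /etc/httpd/conf/toaster.conf
rm temp.txt
# Check the syntax with `apachectl configtest` before reloading httpd.
# Review the resulting file:
cat /etc/httpd/conf/toaster.conf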
 # Redirect every request that did not arrive over HTTPS to the same path on
 # https://, so the Basic-auth passwords configured below are not sent in clear text.
 # NOTE(review): if the site is served from <VirtualHost> blocks, server-level
 # rewrite rules are not inherited unless RewriteOptions Inherit is set; confirm
 # that a plain-http request to /admin-toaster/ really is redirected.
 RewriteEngine On
 RewriteCond %{HTTPS} !=on
 RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
 # aclnet is the list of client networks accepted by every "Require ip ${aclnet}"
 # line in this file. These are example values: list only trusted management networks.
 # NOTE(review): the first network shown here differs from the one in the
 # heredoc that generates this file (192.168.2.0/24); use your own value in both.
 # NOTE(review): with 127.0.0.1 listed, requests relayed by a reverse proxy on
 # this host would pass the IP check; verify if such a proxy exists.
 Define aclnet "172.16.1.0/24 192.168.9.0/24 127.0.0.1"
 # URL-to-filesystem mappings for the toaster web tools (only applied when
 # mod_alias is loaded). Each target directory is access-controlled by a
 # <Directory> section further down.
 <IfModule mod_alias.c>
    ScriptAlias /mail/ /usr/share/toaster/cgi-bin/
    Alias /admin-toaster /usr/share/toaster/htdocs/admin/
    Alias /stats-toaster/ /usr/share/toaster/htdocs/mrtg/
    Alias /images-toaster/ /usr/share/toaster/htdocs/images/
    Alias /scripts/ /usr/share/toaster/htdocs/scripts/
    Alias /qmailadmin /usr/share/qmailadmin/
 </IfModule>
 # qmailadmin: runs as CGI and is reachable only from the aclnet networks.
 # No Apache-level password is configured for this directory; the only check
 # made here is the client's source address.
 <Directory /usr/share/qmailadmin>
    AddHandler cgi-script .cgi
    AddHandler cgi-script qmailadmin
    DirectoryIndex index.cgi qmailadmin index.html
    # NOTE(review): +Indexes enables a directory listing whenever none of the
    # DirectoryIndex files is present; the htdocs section uses -Indexes.
    # Confirm that a listing is really wanted here.
    Options +Indexes +FollowSymLinks +ExecCGI
    <RequireAll>
    Require ip ${aclnet}
    </RequireAll>
 </Directory>
 # Toaster document root: directory listings are off and access is limited to
 # the aclnet networks. The admin and mrtg subdirectories add a password below.
 <Directory /usr/share/toaster/htdocs>
    Options -Indexes +FollowSymLinks +MultiViews
    # NOTE(review): AllowOverride All lets any .htaccess file under this tree
    # override these settings, including the access rules; check for
    # unexpected .htaccess files, or narrow the override if none is needed.
    AllowOverride All
    <RequireAll>
    Require ip ${aclnet}
    </RequireAll>
 </Directory>
 # /admin-toaster: <RequireAll> means BOTH conditions must hold, so a client needs
 # a valid login from admin.htpasswd AND a source address inside aclnet.
 # Basic auth sends the password only base64-encoded, so it relies on the
 # HTTPS redirect at the top of this file.
 <Directory /usr/share/toaster/htdocs/admin>
    <RequireAll>
    AuthType Basic
    AuthName "Qmail Toaster v. 1.3 Admin"
    AuthUserFile /usr/share/toaster/include/admin.htpasswd
    Require valid-user
    Require ip ${aclnet}
    </RequireAll>
 </Directory>
 # /stats-toaster (mrtg graphs): same two-factor rule as the admin directory,
 # requiring both a valid admin.htpasswd login and a source address in aclnet.
 <Directory /usr/share/toaster/htdocs/mrtg>
    # NOTE(review): AllowOverride All lets a .htaccess file here change the
    # authentication and access rules below; confirm that is intended.
    AllowOverride All
    <RequireAll>
    AuthType Basic
    AuthName "Qmail Toaster v. 1.3 Admin"
    AuthUserFile /usr/share/toaster/include/admin.htpasswd
    Require valid-user
    Require ip ${aclnet}
    </RequireAll>
 </Directory>
 # vqadmin CGI: requires both a valid admin.htpasswd login and a source address
 # in aclnet (both Require lines must pass inside <RequireAll>).
 <Directory /usr/share/toaster/cgi-bin/vqadmin>
    # NOTE(review): AllowOverride All lets a .htaccess file here change the
    # authentication and access rules below; confirm that is intended.
    AllowOverride All
    Options ExecCGI
    <RequireAll>
    AuthType Basic
    AuthName "Qmail Toaster v. 1.3 Admin"
    AuthUserFile /usr/share/toaster/include/admin.htpasswd
    require valid-user
    Require ip ${aclnet}
    </RequireAll>
 </Directory>
 # Remaining toaster CGI programs (served under /mail/): restricted by source
 # address only. No Apache-level password is set for this directory.
 <Directory /usr/share/toaster/cgi-bin>
    # NOTE(review): AllowOverride All lets a .htaccess file here change the
    # access rule below; confirm that is intended.
    AllowOverride All
    Options ExecCGI
    <RequireAll>
    Require ip ${aclnet}
    </RequireAll>
 </Directory>