Secure /admin-toaster/

From QmailToaster
Revision as of 13:52, 19 October 2024 by Ebroch (talk | contribs)
Jump to navigation Jump to search

Back

Secures qmailadmin, vqadmin, qmailmrtq, and isoqlog, SSL & aclnet (change aclnet to suit)

# cat > temp.txt << __EOF__
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
Define aclnet "192.168.2.0/24 192.168.9.0/24 127.0.0.1"
__EOF__

# mv /etc/httpd/conf/toaster.conf /etc/httpd/conf/toaster.conf.bak
#  sed -e '$r /etc/httpd/conf/toaster.conf.bak' temp.txt > /etc/httpd/conf/toaster.conf
# remove temp.txt
# cat /etc/httpd/conf/toaster.conf

 RewriteEngine On
 RewriteCond %{HTTPS} !=on
 RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
 Define aclnet "172.16.1.0/24 192.168.9.0/24 127.0.0.1"
 <IfModule mod_alias.c>
    ScriptAlias /mail/ /usr/share/toaster/cgi-bin/
    Alias /admin-toaster /usr/share/toaster/htdocs/admin/
    Alias /stats-toaster/ /usr/share/toaster/htdocs/mrtg/
    Alias /images-toaster/ /usr/share/toaster/htdocs/images/
    Alias /scripts/ /usr/share/toaster/htdocs/scripts/
    Alias /qmailadmin /usr/share/qmailadmin/
 </IfModule>
 <Directory /usr/share/qmailadmin>
    AddHandler cgi-script .cgi
    AddHandler cgi-script qmailadmin
    DirectoryIndex index.cgi qmailadmin index.html
    Options +Indexes +FollowSymLinks +ExecCGI
    <RequireAll>
    Require ip ${aclnet}
    </RequireAll>
 </Directory>
 <Directory /usr/share/toaster/htdocs>
    Options -Indexes +FollowSymLinks +MultiViews
    AllowOverride All
    <RequireAll>
    Require ip ${aclnet}
    </RequireAll>
 </Directory>
 <Directory /usr/share/toaster/htdocs/admin>
    <RequireAll>
    AuthType Basic
    AuthName "Qmail Toaster v. 1.3 Admin"
    AuthUserFile /usr/share/toaster/include/admin.htpasswd
    Require valid-user
    Require ip ${aclnet}
    </RequireAll>
 </Directory>
 <Directory /usr/share/toaster/htdocs/mrtg>
    AllowOverride All
    <RequireAll>
    AuthType Basic
    AuthName "Qmail Toaster v. 1.3 Admin"
    AuthUserFile /usr/share/toaster/include/admin.htpasswd
    Require valid-user
    Require ip ${aclnet}
    </RequireAll>
 </Directory>
 <Directory /usr/share/toaster/cgi-bin/vqadmin>
    AllowOverride All
    Options ExecCGI
    <RequireAll>
    AuthType Basic
    AuthName "Qmail Toaster v. 1.3 Admin"
    AuthUserFile /usr/share/toaster/include/admin.htpasswd
    require valid-user
    Require ip ${aclnet}
    </RequireAll>
 </Directory>
 <Directory /usr/share/toaster/cgi-bin>
    AllowOverride All
    Options ExecCGI
    <RequireAll>
    Require ip ${aclnet}
    </RequireAll>
 </Directory>
Retrieved from "http://wiki.qmailtoaster.org:80/index.php?title=Secure_/admin-toaster/&oldid=1448"