Control Web Panel

WebPanel => Apache => Nginx => Topic started by: ppalma8 on March 26, 2025, 05:41:00 PM

Title: Restrict access to a cwp_service
Post by: ppalma8 on March 26, 2025, 05:41:00 PM

I cannot see another way to restrict access by IP to a pre configured CWP service such as round cube or php my admin

In this example phpmyadmin  /pma when running Nginx other than to edit for example:

usr/local/cwpsrv/conf/cwp_services.conf

And under the location for pma:

location /pma {
    if ($http_x_real_ip != XXX.XXX.XXX.XXX) {
                return 404;
        }
}

Is there a better way to do this using CWP ?

Title: Re: Restrict access to a cwp_service
Post by: overseer on March 26, 2025, 09:19:45 PM

Would the CSF firewall work for you, or are you trying to be very selective about individual services?

Title: Re: Restrict access to a cwp_service
Post by: Netino on March 27, 2025, 02:06:15 AM

Quote from: ppalma8 on March 26, 2025, 05:41:00 PM

(...)
Is there a better way to do this using CWP ?

Create a file /usr/local/cwpsrv/conf/security.conf with the following content:

Code: [Select]

    #...
    satisfy any;

    allow 192.168.1.1/24;
    allow 127.0.0.1;
    deny  all;

    auth_basic           "Restricted access";
    auth_basic_user_file conf/ht_passwd;
Choose yours IP adresses, and/or define additional authentication on cwpsrv.

Create a file '/usr/local/cwpsrv/conf/ht_passwd' with your passwords:

Code: [Select]

# /usr/local/apache/bin/htpasswd /usr/local/cwpsrv/conf/ht_passwd

In file '/usr/local/cwpsrv/conf/cwp_services.conf', change your directive to:

Code: [Select]

location /pma {
    root /usr/local/cwpsrv/var/services;
    index  index.html index.htm index.php;
    include /usr/local/cwpsrv/conf/security.conf;
    (...)
}
...and restart cwp on the panel, or with the command:

Code: [Select]

# /scripts/restart_cwpsrv
Regards,
Netino

Title: Re: Restrict access to a cwp_service
Post by: overseer on March 27, 2025, 05:28:46 PM

As an aside, does anyone actually use an index file named "index.htm"? I have deleted that possibility from my servers ages ago and only support index.php and index.html as possibilities for the index directive.

Title: Re: Restrict access to a cwp_service
Post by: ppalma8 on March 29, 2025, 12:48:12 PM

Sorry I just read your post again so with this conf file Nginx will apply the apache directives:

cwp_services.conf

Is this necessary? or I can just continue with my Nginx conf to filter i.p access to certain directories / urls ?

Thanks, however I always find Apache Directives get ignored when running Nginx in CWP .

What am I missing that means the apache directives don't work, are you running Nginx ?

Quote from: Netino on March 27, 2025, 02:06:15 AM

Quote from: ppalma8 on March 26, 2025, 05:41:00 PM

(...)
Is there a better way to do this using CWP ?

Create a file /usr/local/cwpsrv/conf/security.conf with the following content:

Code: [Select]

    #...
    satisfy any;

    allow 192.168.1.1/24;
    allow 127.0.0.1;
    deny  all;

    auth_basic           "Restricted access";
    auth_basic_user_file conf/ht_passwd;
Choose yours IP adresses, and/or define additional authentication on cwpsrv.

Create a file '/usr/local/cwpsrv/conf/ht_passwd' with your passwords:

Code: [Select]

# /usr/local/apache/bin/htpasswd /usr/local/cwpsrv/conf/ht_passwd

In file '/usr/local/cwpsrv/conf/cwp_services.conf', change your directive to:

Code: [Select]

location /pma {
    root /usr/local/cwpsrv/var/services;
    index  index.html index.htm index.php;
    include /usr/local/cwpsrv/conf/security.conf;
    (...)
}
...and restart cwp on the panel, or with the command:

Code: [Select]

# /scripts/restart_cwpsrv
Regards,
Netino