Re: secure GUI admin port

Thread: Re: secure GUI admin port

Search this list only Search all lists
Re: secure GUI admin port
Canada	2008-05-07 12:02:42
You can have as many websites running from the same address as you have ports available. The all intents and purposes the admin pages and the webmail pages are seperate sites which is why they use different ports. The only way to use the same port is to use different IP addresses and bind each site to a single address. The fact that webmail runs from example.com/scripts/webmail.exe and the admin pages run from example.com is meaningless except for the port number in use. Webmail is using the default http port of 80 unless you switch it to use https (which you've indicated that you did). Since that admin pages can't use port 80 they are access via 7025 and thus - it works. So, yes it applies to your case. If you want to work around a firewall issue that you don't have access to change then you'll have to assigne a second IP to your nic and bind webmail to one ip and the admin to the other ip. Then you can use the same port number. ----- Original Message ----- From: "nospam" <nospameton.ca> To: surgemail-listnetwinsite.com Subject: Re: [SurgeMail List] secure GUI admin port Date: Wed, 07 May 2008 11:05:57 -0500 >Kevin > >Thanks for the quick answer. But is it correct in my case? > >I have given complete control of HTPPS to SM and the URL for >webmail is: > >https://w ww.example.com/scripts/webmail.exe > >The only link I can see for admin is: > >https://www.example.com :7025/ > >but that is because I am inside this firewall that refuses >to connect me to that link. I am hoping that it redirects to >something like: > >https: //www.example.com:7025/scripts/admin.exe > >I can't think of why the scripts would need dedicated ports, >except for the initial redirect. > >Neil > > >----- Original Message Follows ----- >From: "Kevin W. Gagel" <gagelcnc.bc.ca> >To: surgemail-listnetwinsite.com >Subject: Re: [SurgeMail List] secure GUI admin port >Date: Wed, 07 May 2008 08:38:05 -0700 > >>Only if your server has more than one IP bound to the nic. >>Otherwise the two app's would be in conflict over the port. >> >>----- Original Message ----- >>From: "nospam" <nospameton.ca> >>To: "surgemail-listnetwinsite.com" >><surgemail-listnetwinsite.com> Subject: [SurgeMail List] >>secure GUI admin port Date: Wed, 07 May 2008 10:23:16 -0500 >> >>>I have webmail running on the same Windows box as SM and I >>>have set the secure webmail port to the standard HTTPS >>>443. >>>Is there anyway to also have the secure admin GUI use 443? >>>My thinking is that the answer should be yes, because they >>>should have different URLs. But I am 6 time zones away >>>from the server and my brain is foggy. >>> >>>The reason I want to do this is that local firewalls lock >>>down all ports except standard HTTP and HTTPS. >>> >>>Neil >>> >> >>------------------------------------------ >>Kevin W. Gagel >>Postmaster for >>College of New Caledonia >>(250) 562-2131 loc. 5448 >>postmastercnc.bc.ca >>http://www.cnc.bc.ca >>Anti-Spam info at: >>http://avas.cnc.bc.ca >> >> >>---------------------------------------------------- ------- >>-------- The College of New Caledonia, Visit us at >>http://www.cnc.bc.ca Virus scanning is done on all incoming >>and outgoing email. Anti-spam information for CNC can be >>found at http://gateway.cnc.bc.ca >>---------------------------------------------------- ------- >>-------- >> > ------------------------------------------ Kevin W. Gagel Postmaster for College of New Caledonia (250) 562-2131 loc. 5448 postmastercnc.bc.ca http://www.cnc.bc.ca Anti-Spam info at: http://avas.cnc.bc.ca ------------------------------------------------------------ ------- The College of New Caledonia, Visit us at http://www.cnc.bc.ca Virus scanning is done on all incoming and outgoing email. Anti-spam information for CNC can be found at http://gateway.cnc.bc.ca ------------------------------------------------------------ -------

Re: secure GUI admin port
Canada	2008-05-07 17:50:55
Thanks for the answer - even though it isn't what I wanted to hear. I don't understand why NetWin doesn't use virtual hosting for the various processes, then I would only need one IP and one port. Neil Kevin W. Gagel wrote, on 2008-05-07 1:02 PM: > You can have as many websites running from the same address as you have > ports available. > > The all intents and purposes the admin pages and the webmail pages are > seperate sites which is why they use different ports. > > The only way to use the same port is to use different IP addresses and bind > each site to a single address. > > The fact that webmail runs from example.com/scripts/webmail.exe and the > admin pages run from example.com is meaningless except for the port number > in use. Webmail is using the default http port of 80 unless you switch it > to use https (which you've indicated that you did). Since that admin pages > can't use port 80 they are access via 7025 and thus - it works. > > So, yes it applies to your case. If you want to work around a firewall > issue that you don't have access to change then you'll have to assigne a > second IP to your nic and bind webmail to one ip and the admin to the other > ip. Then you can use the same port number. > ----- Original Message ----- > From: "nospam" <nospameton.ca> > To: surgemail-listnetwinsite.com > Subject: Re: [SurgeMail List] secure GUI admin port > Date: Wed, 07 May 2008 11:05:57 -0500 > >> Kevin >> >> Thanks for the quick answer. But is it correct in my case? >> >> I have given complete control of HTPPS to SM and the URL for >> webmail is: >> >> https://w ww.example.com/scripts/webmail.exe >> >> The only link I can see for admin is: >> >> https://www.example.com :7025/ >> >> but that is because I am inside this firewall that refuses >> to connect me to that link. I am hoping that it redirects to >> something like: >> >> https: //www.example.com:7025/scripts/admin.exe >> >> I can't think of why the scripts would need dedicated ports, >> except for the initial redirect. >> >> Neil >> >> >> ----- Original Message Follows ----- >> From: "Kevin W. Gagel" <gagelcnc.bc.ca> >> To: surgemail-listnetwinsite.com >> Subject: Re: [SurgeMail List] secure GUI admin port >> Date: Wed, 07 May 2008 08:38:05 -0700 >> >>> Only if your server has more than one IP bound to the nic. >>> Otherwise the two app's would be in conflict over the port. >>> >>> ----- Original Message ----- >>> From: "nospam" <nospameton.ca> >>> To: "surgemail-listnetwinsite.com" >>> <surgemail-listnetwinsite.com> Subject: [SurgeMail List] >>> secure GUI admin port Date: Wed, 07 May 2008 10:23:16 -0500 >>> >>>> I have webmail running on the same Windows box as SM and I >>>> have set the secure webmail port to the standard HTTPS >>>> 443. >>>> Is there anyway to also have the secure admin GUI use 443? >>>> My thinking is that the answer should be yes, because they >>>> should have different URLs. But I am 6 time zones away >>> >from the server and my brain is foggy. >>>> The reason I want to do this is that local firewalls lock >>>> down all ports except standard HTTP and HTTPS. >>>> >>>> Neil >>>> >>> ------------------------------------------ >>> Kevin W. Gagel

Re: secure GUI admin port
United States	2008-05-07 17:59:54
I have kind of a related question, I have one client on vhost that wants their own SSL cert If that is the only one (out of about 60) can I still use a single IP address? Or do I need another one for that address > > -- Len Engel Horizon Internet Solutions, LLC www.horizon-internet.com Boise, Idaho USA

Re: secure GUI admin port
United States	2008-05-07 18:16:06
For web sites, certificates should always be bound to a static IP, unless you are attempting to share a certificate (such as a wildcard certificate for one domain). With HTTP on a shared IP, the host header (part of the HTTP/1.1 protocol) is send with the request from the client (usually a web browser). This host header can be used to indentify the site. With HTTPS, the SSL/TLS negotiation is done before the host header is sent. Consequently, there is no way for the server to know which certificate to use unless you bind the site to an exclusive IP address. I do not know about other protocols such at POP3, IMAP4, SMTP, etc., but I would imagine the situation is similar. You could bind that certificate to your main IP. However, since all of your clients are sharing the same IP, then the result is that they would all share the same certificate. Jim L. ----- Original Message ----- From: "Len Engel" <lenhorizon-internet.com> To: <surgemail-listnetwinsite.com> Sent: Wednesday, May 07, 2008 6:59 PM Subject: Re: [SurgeMail List] secure GUI admin port >I have kind of a related question, I have one client on vhost that wants >their own SSL cert > > If that is the only one (out of about 60) can I still use a single IP > address? Or do I need another one for that address > > >> >> > > -- > Len Engel > Horizon Internet Solutions, LLC > www.horizon-internet.com > Boise, Idaho USA > > >

Re: secure GUI admin port
Canada	2008-05-07 18:20:12
I have only one IP. I like the different port solution as I can reuse my SSl Cert for each application port. To get around the remote firewall issue you need a reverse Proxy at your servers end of the net. http: //www.apachetutor.org/admin/reverseproxies I have not set one up, but may do so in case I run into some overprotected internet access location. You would use the SSL connection to Apache and it would rewrite the requests to the SurgeMail ports. You would have to check all the reverse rewrite stuff for cookies etc. Steve Hume On 7-May-08, at 6:50 PM, Neil Herber wrote: > Thanks for the answer - even though it isn't what I wanted to hear. > I don't understand why NetWin doesn't use virtual hosting for the > various processes, then I would only need one IP and one port. > > Neil > > Kevin W. Gagel wrote, on 2008-05-07 1:02 PM: >> You can have as many websites running from the same address as you >> have >> ports available. >> The all intents and purposes the admin pages and the webmail pages >> are >> seperate sites which is why they use different ports. >> The only way to use the same port is to use different IP addresses >> and bind >> each site to a single address. >> The fact that webmail runs from example.com/scripts/webmail.exe and >> the >> admin pages run from example.com is meaningless except for the port >> number >> in use. Webmail is using the default http port of 80 unless you >> switch it >> to use https (which you've indicated that you did). Since that >> admin pages >> can't use port 80 they are access via 7025 and thus - it works. >> So, yes it applies to your case. If you want to work around a >> firewall >> issue that you don't have access to change then you'll have to >> assigne a >> second IP to your nic and bind webmail to one ip and the admin to >> the other >> ip. Then you can use the same port number. >> ----- Original Message ----- >> From: "nospam" <nospameton.ca> >> To: surgemail-listnetwinsite.com >> Subject: Re: [SurgeMail List] secure GUI admin port >> Date: Wed, 07 May 2008 11:05:57 -0500 >>> Kevin >>> >>> Thanks for the quick answer. But is it correct in my case? >>> >>> I have given complete control of HTPPS to SM and the URL for >>> webmail is: >>> >>> https://w ww.example.com/scripts/webmail.exe >>> >>> The only link I can see for admin is: >>> >>> https://www.example.com :7025/ >>> >>> but that is because I am inside this firewall that refuses >>> to connect me to that link. I am hoping that it redirects to >>> something like: >>> >>> https: //www.example.com:7025/scripts/admin.exe >>> >>> I can't think of why the scripts would need dedicated ports, >>> except for the initial redirect. >>> >>> Neil >>> >>> >>> ----- Original Message Follows ----- >>> From: "Kevin W. Gagel" <gagelcnc.bc.ca> >>> To: surgemail-listnetwinsite.com >>> Subject: Re: [SurgeMail List] secure GUI admin port >>> Date: Wed, 07 May 2008 08:38:05 -0700 >>> >>>> Only if your server has more than one IP bound to the nic. >>>> Otherwise the two app's would be in conflict over the port. >>>> >>>> ----- Original Message ----- >>>> From: "nospam" <nospameton.ca> >>>> To: "surgemail-listnetwinsite.com" >>>> <surgemail-listnetwinsite.com> Subject: [SurgeMail List] >>>> secure GUI admin port Date: Wed, 07 May 2008 10:23:16 -0500 >>>> >>>>> I have webmail running on the same Windows box as SM and I >>>>> have set the secure webmail port to the standard HTTPS >>>>> 443. Is there anyway to also have the secure admin GUI use 443? >>>>> My thinking is that the answer should be yes, because they >>>>> should have different URLs. But I am 6 time zones away >>>> >from the server and my brain is foggy. >>>>> The reason I want to do this is that local firewalls lock >>>>> down all ports except standard HTTP and HTTPS. >>>>> >>>>> Neil >>>>> >>>> ------------------------------------------ >>>> Kevin W. Gagel >

Re: secure GUI admin port
United States	2008-05-07 18:28:14
Neil, Are you referring to the server administration interface or the user/domain adminstration interfaces? I believe the server administration site must be on a dedicated port. However, I am able to get to the secure webmail, user admin, and domain admin sites using one port. This works for me. https: //mail.example.tld:7443/cgi/domadmin.cgi https://ma il.example.tld:7443/cgi/user.cgi htt ps://mail.example.tld:7443/scripts/webmail.exe I have left the port at the default of 7443. I could, however, change it if I was so inclined and I believe it would still work the same way. Jim L. ----- Original Message ----- From: "Neil Herber" <nospameton.ca> To: <surgemail-listnetwinsite.com> Sent: Wednesday, May 07, 2008 6:50 PM Subject: Re: [SurgeMail List] secure GUI admin port > Thanks for the answer - even though it isn't what I wanted to hear. I > don't understand why NetWin doesn't use virtual hosting for the various > processes, then I would only need one IP and one port. > > Neil > > Kevin W. Gagel wrote, on 2008-05-07 1:02 PM: >> You can have as many websites running from the same address as you have >> ports available. >> >> The all intents and purposes the admin pages and the webmail pages are >> seperate sites which is why they use different ports. >> >> The only way to use the same port is to use different IP addresses and >> bind >> each site to a single address. >> >> The fact that webmail runs from example.com/scripts/webmail.exe and the >> admin pages run from example.com is meaningless except for the port >> number >> in use. Webmail is using the default http port of 80 unless you switch it >> to use https (which you've indicated that you did). Since that admin >> pages >> can't use port 80 they are access via 7025 and thus - it works. >> >> So, yes it applies to your case. If you want to work around a firewall >> issue that you don't have access to change then you'll have to assigne a >> second IP to your nic and bind webmail to one ip and the admin to the >> other >> ip. Then you can use the same port number. >> ----- Original Message ----- >> From: "nospam" <nospameton.ca> >> To: surgemail-listnetwinsite.com >> Subject: Re: [SurgeMail List] secure GUI admin port >> Date: Wed, 07 May 2008 11:05:57 -0500 >> >>> Kevin >>> >>> Thanks for the quick answer. But is it correct in my case? >>> >>> I have given complete control of HTPPS to SM and the URL for >>> webmail is: >>> >>> https://w ww.example.com/scripts/webmail.exe >>> >>> The only link I can see for admin is: >>> >>> https://www.example.com :7025/ >>> >>> but that is because I am inside this firewall that refuses >>> to connect me to that link. I am hoping that it redirects to >>> something like: >>> >>> https: //www.example.com:7025/scripts/admin.exe >>> >>> I can't think of why the scripts would need dedicated ports, >>> except for the initial redirect. >>> >>> Neil >>> >>> >>> ----- Original Message Follows ----- >>> From: "Kevin W. Gagel" <gagelcnc.bc.ca> >>> To: surgemail-listnetwinsite.com >>> Subject: Re: [SurgeMail List] secure GUI admin port >>> Date: Wed, 07 May 2008 08:38:05 -0700 >>> >>>> Only if your server has more than one IP bound to the nic. >>>> Otherwise the two app's would be in conflict over the port. >>>> >>>> ----- Original Message ----- >>>> From: "nospam" <nospameton.ca> >>>> To: "surgemail-listnetwinsite.com" >>>> <surgemail-listnetwinsite.com> Subject: [SurgeMail List] >>>> secure GUI admin port Date: Wed, 07 May 2008 10:23:16 -0500 >>>> >>>>> I have webmail running on the same Windows box as SM and I >>>>> have set the secure webmail port to the standard HTTPS >>>>> 443. Is there anyway to also have the secure admin GUI use 443? >>>>> My thinking is that the answer should be yes, because they >>>>> should have different URLs. But I am 6 time zones away >>>> >from the server and my brain is foggy. >>>>> The reason I want to do this is that local firewalls lock >>>>> down all ports except standard HTTP and HTTPS. >>>>> >>>>> Neil >>>>> >>>> ------------------------------------------ >>>> Kevin W. Gagel > >

[1-6]

about | contact Other archives ( Real Estate discussion Medical topics )