Cpanel (and others?) 511 error, shared secure certificate, etc. I have a solution.

Join Date: Mar 2003
Location: Helena, MT
Posts: 2


**background information**
The ability to specify http://ip-address/~username/ to allow a new customer to access their account before the dns propagates is an essential part of our business. Also many of us offer shared secure certificates via something like https://secure.domain.com/~username/.

Unfortunately, having the ability to do this leaves you open to http://www.customer-domain.com/~othe...omer-username. This allows the OTHER customer to leech the bandwidth of another customer. This is obviously unacceptable.

There is the bwprotect module for apache that prevents /~user to a user through a domain that isn't owned by that user. I am not sure if this is tied to cpanel or looks at permissions, either way it's moot.

The option to disable the ability to /~user is not acceptable to us, yet with bwprotect we cannot offer services we wish to offer.

I have developed a solution to both problems, but it requires direct editing of your httpd.conf (For now until cpanel and others pick up on this.)
** end background**


**the following I initially posted in the cpanel support forum.**
I've developed a work around for the now infamous "511 access not allowed from this domain" error. This isn't going to leave you open for leeching, or deny you the ability to do a shared secure certificate or provide access before propagation occurs.

As we know, the culprit for this problem is the bwprotect module. So let's get rid of that.

Find these two lines in your httpd.conf (most likely found in /etc/httpd/conf)

LoadModule bwprotect_module libexec/mod_bwprotect.so
And
AddModule mod_bwprotect.c

Comment them out by placing a # in front of them. (I know, it's rudimentary.)

Okay now that we have bwprotect turned off, we have a problem, people can leech bandwidth again from other accounts.

So now we need to turn off the ability to /~user completely.

Find the following section in the server config part of httpd.conf:

<IfModule mod_userdir.c>
UserDir public_html
</IfModule>

and change it to

<IfModule mod_userdir.c>
UserDir disabled
</IfModule>

Oh dear. Now we are back where we have always been, and now /~user doesn't work at all. No more shared secure certificate, no more access before propagation. What are we to do?

Read the apache documentation, notice that the UserDir directive can fit within the scope of a VirtualHost!

So let's find a suitable virtualhost section, say the one you use for your shared certificate.

Add the following:

<IfModule mod_userdir.c>
UserDir public_html
</IfModule>

Well that solves the problem, now shared certificates work, and I'm sure you can figure out how to apply this to an IP based VirtualHost (or any VirtualHost for that matter!) to allow users access before propagation, or for a customer to leech between his own accounts.

But I have ANOTHER treat for you all! We can control what usernames are allowed to be accessed!

Instead of the above in a VirtualHost section do the following:

<IfModule mod_userdir.c>
UserDir public_html
UserDir disabled
UserDir enabled username1 username2 username3…
</IfModule>

This expressly allows only certain users. Optionally:

<IfModule mod_userdir.c>
UserDir public_html
UserDir enabled
UserDir disabled username1 username2 username3…
</IfModule>

And this would expressly deny certain users to be accessed.

Obviously restart apache for the changes to take effect!

With all of the above everybody ought to be able to protect their users' bandwidth, while maintaining the ability to have a shared certificate or provide access prior to propagation.

Additionally, you now have control over specifically WHICH users may be accessed this way! This means you can prevent that 5GB a day site from leeching bandwidth through the shared secure certificate (and increasing CPU load because of encryption), or prevent people from abusing the courtesy of providing access before propagation.

I hope everybody has found this fun and informative, as well as very useful. I would like to point out I have already submitted a feature request built around this system. I am sure that we will see a nice way of doing this through WHM in the future as this is obviously a cure for something that has caused a lot of headaches for people.

http://httpd.apache.org/docs/mod/mod_userdir.html is the official documentation for apache that covers this specific topic. I'm quite surprised I was unable to find this same solution posted already.

Sincerely,
Cody Frisch, InterSurge LLC.
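
An added example, not part of the original post and not cPanel or Apache code: a Python script that reads an httpd.conf and reports, per scope, whether /~user translation is on for the usernames you want to check, using the enabled/disabled keyword precedence from the blocks above. The sample config, addresses and usernames are constructed; it evaluates each scope's own UserDir lines only (inheritance between the main server and a VirtualHost is not modelled) and assumes a bare `UserDir enabled` lifts a blanket disable.

```python
import re

# Constructed sample (addresses, hostnames and usernames are made up).
SAMPLE_CONF = """\
<IfModule mod_userdir.c>
UserDir disabled
</IfModule>
<VirtualHost 192.0.2.10:443>
ServerName secure.example.com
UserDir public_html
UserDir disabled
UserDir enabled alice bob
</VirtualHost>
<VirtualHost 192.0.2.10:80>
ServerName www.customer-domain.example
</VirtualHost>
"""

def parse_userdir(conf_text):
    """Group UserDir arguments by scope: 'global' or the VirtualHost address."""
    scopes, scope = {"global": []}, "global"
    for line in map(str.strip, conf_text.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            scope = opened.group(1).strip()
            scopes.setdefault(scope, [])
        elif line.lower().startswith("</virtualhost"):
            scope = "global"
        elif re.match(r"UserDir\s+\S", line, re.I):  # commented lines do not match
            scopes[scope].append(line.split()[1:])
    return scopes

def allows(directives, user):
    """True/False from this scope's own keywords; None if it has no UserDir."""
    if not directives:
        return None  # inherited or default behaviour is not modelled here
    all_off, on, off = False, set(), set()
    for args in directives:
        keyword, names = args[0].lower(), args[1:]
        if keyword == "disabled":
            all_off = all_off or not names     # bare keyword: blanket disable
            off.update(names)
        elif keyword == "enabled":
            all_off = all_off and bool(names)  # bare keyword lifts it (assumed)
            on.update(names)
    if user in off:                            # a disabled entry always wins
        return False
    return user in on or not all_off

def audit(conf_text, users):
    """Map each scope to {user: verdict} for the usernames being checked."""
    return {scope: {u: allows(d, u) for u in users}
            for scope, d in parse_userdir(conf_text).items()}
```

Running `audit()` over the real httpd.conf with a few customer usernames shows which VirtualHost blocks still answer /~user; a `None` verdict marks a scope with no UserDir lines of its own, which should be confirmed against the running server.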


