Latest Webmin update 6.09-3 fixed my dovecot but default website for ipaddress is wrong

adamjedgar · May 13, 2020, 11:42pm

Hi guys,
I just thought i would let you know, the latest webmin update released overnight 6.09-3 seems to have fixed my dovecot errors on my system.

I am still having problem with the default website for ipaddress on the server…it started throwing “too many redirects error”

*# This page isn’t working*

***domain.com*  redirected you too many times.*

** [Try clearing your cookies](https://support.google.com/chrome?p=rl_error&hl=en-US).*

*ERR_TOO_MANY_REDIRECTS*

I have 3 browsers on my system…none of them will open this webpage.

I disabled SSL website for this domain (keeping just the apache http website enabled)
now the server is ignoring the setting i have in virtualmin
apache is redirecting to the first domain on the server (which is not my own…its a client one).

I checked Virtualmin and my domain is set in Virtualmin>Virtualmin Configuration>Wesite Options> Default website for ipaddress = Yes , however apache is ignoring the setting in virtualmin!

Can someone explain what is going on here? How did this happen? The webmin 6.09-3 update has not fixed this issue even though the other update caused it!

adamjedgar · May 14, 2020, 12:03am

can someone check the following…
It there anything in here that is obviously wrong that could be causing too many redirects on my primary website for the server?

/etc/apache2/sites-enabled/0-tesla.com.conf

(substituting tesla.com for my domain obviously)

<VirtualHost 104.156.233.188:80 [fe80::5400:1ff:fef1:5674]:80>
SuexecUserGroup “#1003” “#1003”
ServerName tesla.com
ServerAlias www.tesla.com
ServerAlias mail.tesla.com
ServerAlias webmail.tesla.com
ServerAlias admin.tesla.com
DocumentRoot /home/tesla/public_html
ErrorLog /var/log/virtualmin/tesla.com_error_log
CustomLog /var/log/virtualmin/tesla.com_access_log combined
ScriptAlias /cgi-bin/ /home/tesla/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/tesla/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php

<Directory /home/tesla/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted

RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.tesla.com
RewriteRule ^(.) https://tesla.com:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.tesla.com
RewriteRule ^(.) https://tesla.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php5.6
RemoveHandler .php7.0
RemoveHandler .php7.1
RemoveHandler .php7.2
RemoveHandler .php7.3
RemoveHandler .php7.4
#php_admin_value engine Off
#php_admin_value engine Off
RedirectMatch ^/(?!.well-known)(.)$ https://tesla.com/$1
RedirectMatch ^/(?!.well-known)(.)$ https://tesla.com/$1
RedirectMatch ^/(?!.well-known)(.)$ https://tesla.com/$1
RedirectMatch ^/(?!.well-known)(.)$ https://tesla.com/$1
<FilesMatch .php$>
SetHandler proxy:fcgi://localhost:8000

<VirtualHost 104.156.233.188:443 [fe80::5400:1ff:fef1:5674]:443>
SuexecUserGroup “#1003” “#1003”
ServerName tesla.com
ServerAlias www.tesla.com
ServerAlias mail.tesla.com
ServerAlias webmail.tesla.com
ServerAlias admin.tesla.com
DocumentRoot /home/tesla/public_html
ErrorLog /var/log/virtualmin/tesla.com_error_log
CustomLog /var/log/virtualmin/tesla.com_access_log combined
ScriptAlias /cgi-bin/ /home/tesla/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/tesla/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php

<Directory /home/tesla/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted

RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.tesla.com
RewriteRule ^(.) https://tesla.com:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.tesla.com
RewriteRule ^(.) https://tesla.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php5.6
RemoveHandler .php7.0
RemoveHandler .php7.1
RemoveHandler .php7.2
RemoveHandler .php7.3
RemoveHandler .php7.4
#php_admin_value engine Off
#php_admin_value engine Off
RedirectMatch ^/(?!.well-known)(.)$ https://tesla.com/$1
RedirectMatch ^/(?!.well-known)(.)$ https://tesla.com/$1
<FilesMatch .php$>
SetHandler proxy:fcgi://localhost:8000

SSLEngine on
SSLCertificateFile /home/tesla/ssl.cert
SSLCertificateKeyFile /home/tesla/ssl.key
SSLCACertificateFile /home/tesla/ssl.ca
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

adamjedgar · May 14, 2020, 12:13am

and here is my apache error log for the primary website that is not working…

[Fri May 08 08:38:55.023689 2020] [:error] [pid 16874:tid 139899541833472] [client 12.34.56.78:46780] [client 12.34.56.78] ModSecurity: Warning. Pattern match “^[1]+$” at REQUEST_HEADERS:Host. [file “/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf”] [line “793”] [id “920350”] [rev “2”] [msg “Host header is a numeric IP address”] [data “12.34.56.78:443”] [severity “WARNING”] [ver “OWASP_CRS/3.0.0”] [maturity “9”] [accuracy “9”] [tag “application-multi”] [tag “language-multi”] [tag “platform-multi”] [tag “attack-protocol”] [tag “OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST”] [tag “WASCTC/WASC-21”] [tag “OWASP_TOP_10/A7”] [tag “PCI/6.5.10”] [hostname “12.34.56.78”] [uri “/”] [unique_id “XrSN-2ic6bwAAEHqQ4oAAABW”]
[Fri May 08 08:38:55.024469 2020] [autoindex:error] [pid 16874:tid 139899541833472] [client 12.34.56.78:46780] AH01276: Cannot serve directory /home/tesla/public_html/: No matching DirectoryIndex (index.html,index.htm,index.php,index.php4,index.php5) found, and server-generated directory index forbidden by Options directive

\\d.: ↩︎

adamjedgar · May 14, 2020, 12:30am

Can i also add, the following is not working in Virtualmin> Server Configuration>Website Options>redirect all requests to SSL site? = No (i try to change this to yes and click save and nothing changes it stays as no)

BTW Virtualmin>Edit Virtual Server>Enabled Features>Apache ssl website enabled = yes

Joe · May 14, 2020, 1:31am

You’ve got no index file in public_html (or it is unreadable by Apache). Apache can’t serve something that doesn’t exist or can’t be read.

adamjedgar · May 14, 2020, 1:39am

tried that…(placed a simple index.html in public_html directory whilst also removing htaccess) it does not seem to be the problem. it appears that this error is firing BEFORE Apache has a chance to serve up the appropriate Virtual Host to respond to this request.

check out the following error in apache log posted above…
Cannot serve directory

ModSecurity: Warning. Pattern match “^[1]+$” at REQUEST_HEADERS:Host. [file “/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf”] [line “793”] [id “920350”] [rev “2”] [msg “Host header is a numeric IP address”] [data “12.34.56.78:443”] [severity “WARNING”] [ver “OWASP_CRS/3.0.0”] [maturity “9”] [accuracy “9”] [tag “application-multi”] [tag “language-multi”] [tag “platform-multi”] [tag “attack-protocol”] [tag “OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST”] [tag “WASCTC/WASC-21”] [tag “OWASP_TOP_10/A7”] [tag “PCI/6.5.10”] [hostname “12.34.56.78”]

i found a post on stack about this and one comment says…

In the event of a deny or “block” rule, ModSecurity will look for the SecDefaultAction directive in the modsecurity_crs_10_setup.conf file. For OWASP_CRS 3.0.0-rc1, this directive changed from
SecDefaultAction "phase:1,deny,log"
SecDefaultAction "phase:2,deny,log"
to
SecDefaultAction "phase:1,log,redirect:'http://%{request_headers.host}/',tag:'Host: %{request_headers.host}'"
SecDefaultAction "phase:2,log,redirect:'http://%{request_headers.host}/',tag:'Host: %{request_headers.host}'"
This is what is causing the re-direct, the rule says block, so it looks for the default action, and the default action is to redirect to the HOST… Which in this case is just the IP already being specified… And there is the redirect loop…

so the question now, in virtualmin how do i fix this? (i did not make this change…the website that is not working has been functioning normally on the webmin system for more than 1 year and now all of a sudden this!)

you guys have to realise, none of this happened until after the webmin 6.09-2 update…whether you choose to believe me or not, the virtual server in question i havent played with in more than 6 months (i have had no reason to bother going anywhere near it).

Also, in webmin, i have run every other update for the last year and these problems i am experiencing have never happened before.

Another stack post says the following…

If you have multiple virtual hosts / sites on the same server then you should either block any direct request for the server’s IP address or serve some other “default” (noindex) web page

I have set virtualmin to do exactly that…Virtualmin>Server Configuration>Website Options>> default website for ipaddress = yes

So if i have set virtualmin to do the above, why isnt it working?

\\d.: ↩︎

system · June 13, 2020, 1:48am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.