Blocking webmail using .htaccess

[yapadu]

I would like to increase security on my DA domains by blocking access to the three webmail systems, and phpmyadmin.

I will not be using the webmail at all, but I don't want to remove them and possibly cause future problems when upgrading DirectAdmin etc.

I thought it would be easier to add an .htaccess rule that would simply prevent all access to those virtual directories (if that is what they are?).

Does this sound like something reasonable?

 

[floyd]

They are all listed in httpd.conf and are located in /var/www/html.

 

[yapadu]

I see the links in /var/www/html which point to the current version of the software for each webmail package.

I want to avoid tampering with that structure to prevent any future upgrade problems. I previously ran Plesk, and if you changed anything that Plesk would rely on it would come back to bite you in the butt down the road when the upgrades would fail.

I'm still trying to understand how the httpd.conf sets up the links to those webmail sites, I don't see any mapping in there yet.

 

[littleoak]

Why not just uninstall the webmail applications?

 

[yapadu]

What impact does uninstalling them have on DirectAdmin? I would think DirectAdmin would not appreciate having parts that it thinks are there to all of a sudden be gone.

Is there really no easy way to block access to it with .htaccess and not leave the underlying pieces still there so it would not have any possible negative effect on DirectAdmin?

Yes, I am very scared of messing with DirectAdmin out of fear of something breaking or being undone when the next update is applied...

 

[littleoak]

DirectAdmin does not care. It's in no way reliant upon any other programs.

Using .htaccess to block Webmail is not a good solution. Deleting the links and aliases would be the first step. Uninstalling the webmail programs would be the only sure way.