[Feature request] Ignore SSL setting when connecting to 127.0.0.1:2222

zEitEr

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
15,366
Location
www.poralix.com
Hello,

I'd like to ask you to give us an opportunity to switch an option, let's say
Code: 
ssl_ignore_when_local=0|1

it would allow to connect to Directadmin on http://127.0.0.1:2222/ even if SSL is enabled in directadmin.conf
 
Not to say that this is the preferred way, but one way would be to set up DirectAdmin for secure login on one port and insecure on another port (knowledgebase has an article somewhere), and then limit insecure through your firewall.

Jeff
 
Jeff, you're right. That is how we do it now. And it seems to be working fine. Nevertheless, I'd like to see the feature implemented and been presented on administrator settings page to help others to modify it in more convenient way.
 
Hello,

It's not impossible to do (guessing), however, just curious for what purpose? I'm assuming you're referring to local API calls?

John
 
I've added it (didn't take long):
http://www.directadmin.com/features.php?id=1310

However, although it works fine for 127.0.0.1, it's implementation is slightly backwards in that it's checking the connecting IP value, instead of the "connected-to" IP value.
I don't currently have socket code to figure out the IP that is being connected to, so for now, the feature just checks the connecting IP.. which will be the 127.0.0.1, the same as the IP being connected to for IPv4.
This is only an issue for IPv6 when ::1 is connected to, as the "from" IP that shows up in DA is the server IP, which makes the feature fail, since the server IP isn't local.

In any case, I may.. or may not add the proper code, but it does work as long as API calls are to 127.0.0.1 and not to ::1.

John
 
Since there are not any current SSL settings there already, it would probably be out of place sitting there on it's own.
It can still be added through the Admin Level -> File Editor

John
 
You must log in or register to reply here.
Back
Top