From: Christian S. <csc...@wm...> - 2003-05-28 07:41:22
|
Hi, I´m trieng to setup webmin to be accessible via webmin.myhost.com. I found the corresponding HOWTO and followed the steps, but I had some problems (No login screen, just the Message that I don´t have access to any Modules, but user/modules are listed in webmin.acl). Then I found the posting of a guy that setup his apache to reach webmin via virtualhost using the proxypass method (Apache redirects any requests from webmin.myhost.com to myhost.com:10000). This is almost working for me now. I can login and I can see the same modules as when connecting to myhost:10000. But when I open a certain module I get the following warning: <<<<<<<<<<<<<<<<<< Warning! Webmin has detected that the program http://myhost.com:10000/apache/ was linked to from the URL http://webmin.myhost.com, which appears to be outside the Webmin server. This may be an attempt to trick your server into executing a dangerous command. >>>>>>>>>>>>>>>>>> There is a Button, that I can hit to allow executing the request but it shows the same warning again. Does anybody uses proxypass to access webmin via something like webmin.myhost.com. I this secure? What can I do against this warning/error? I want my machine to be secure as possible, if somebody tells me that this way is pretty insecure then I appreciate any hint depending my problems with the 'normal' way. Thanks and Regards! Chris |
From: Jamie C. <jca...@we...> - 2003-05-28 12:10:59
|
On Wed, 2003-05-28 at 17:40, Christian Schlaefcke wrote: > Hi, >=20 > I=B4m trieng to setup webmin to be accessible via webmin.myhost.com. I fo= und > the corresponding HOWTO and followed the steps, but I had some problems > (No login screen, just the Message that I don=B4t have access to any > Modules, but user/modules are listed in webmin.acl). Then I found the > posting of a guy that setup his apache to reach webmin via virtualhost > using the proxypass method (Apache redirects any requests from > webmin.myhost.com to myhost.com:10000). > This is almost working for me now. I can login and I can see the same > modules as when connecting to myhost:10000. But when I open a certain > module I get the following warning: >=20 > <<<<<<<<<<<<<<<<<< > Warning! Webmin has detected that the program > http://myhost.com:10000/apache/ was linked to from the URL > http://webmin.myhost.com, which appears to be outside the Webmin server. > This may be an attempt to trick your server into executing a dangerous > command. > >>>>>>>>>>>>>>>>>> >=20 > There is a Button, that I can hit to allow executing the request but it > shows the same warning again. >=20 > Does anybody uses proxypass to access webmin via something like > webmin.myhost.com. I this secure? What can I do against this > warning/error? >=20 > I want my machine to be secure as possible, if somebody tells me that thi= s > way is pretty insecure then I appreciate any hint depending my problems > with the 'normal' way. That warning is usually displayed by webmin when you follow a link from other website to a webmin CGI program, which could be potentially dangerous - for example, a web site might contain HTML like <a href=3Dhttp://localhost:10000/proc/run.cgi?cmd=3Drm+*>click me</a> Unfortunately, when you access the server through an apache proxy, it gets confuses and starts showing the message incorrectly. The way to avoid it is to open the Webmin Configuration module, click on Trusted Referers and enter webmin.myhost.com into the 'Trusted websites' box. =20 - Jamie |
From: Andrew R. <ri...@is...> - 2003-05-28 12:55:40
|
Christian Schlaefcke wrote: >Hi, > >I=B4m trieng to setup webmin to be accessible via webmin.myhost.com. I f= ound >the corresponding HOWTO and followed the steps, but I had some problems >(No login screen, just the Message that I don=B4t have access to any >Modules, but user/modules are listed in webmin.acl). Then I found the >posting of a guy that setup his apache to reach webmin via virtualhost >using the proxypass method (Apache redirects any requests from >webmin.myhost.com to myhost.com:10000). >This is almost working for me now. I can login and I can see the same >modules as when connecting to myhost:10000. But when I open a certain >module I get the following warning: > ><<<<<<<<<<<<<<<<<< >Warning! Webmin has detected that the program >http://myhost.com:10000/apache/ was linked to from the URL >http://webmin.myhost.com, which appears to be outside the Webmin server. >This may be an attempt to trick your server into executing a dangerous >command. > =20 > > >There is a Button, that I can hit to allow executing the request but it >shows the same warning again. > >Does anybody uses proxypass to access webmin via something like >webmin.myhost.com. I this secure? What can I do against this >warning/error? > >I want my machine to be secure as possible, if somebody tells me that th= is >way is pretty insecure then I appreciate any hint depending my problems >with the 'normal' way. > >Thanks and Regards! > >Chris > > > > >------------------------------------------------------- >This SF.net email is sponsored by: ObjectStore. >If flattening out C++ or Java code to make your application fit in a >relational database is painful, don't do it! Check out ObjectStore. >Now part of Progress Software. http://www.objectstore.net/sourceforge >- >Forwarded by the Webmin mailing list at web...@li...urceforge.= net >To remove yourself from this list, go to >http://lists.sourceforge.net/lists/listinfo/webadmin-list > > > =20 > |