NethServer release 7.3.1611
RoundCubeMail
I have installed Roundcube and SOGo.
I can access without problems from the local network.
From the outside I can access sogo. But when entering roudcube gives me the following error.
Forbidden - You don’t have permission to access /webmail/ on this server.
1 Like
I answer myself.
Looking at my file /etc/httpd/config.d/roundcubemail.conf
I had the following
<Directory /usr/share/roundcubemail/>
# Apache 2.4
Require ip 127.0.0.1 192.168.1.0/255.255.255.0
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from all
# Allow from 127.0.0.1 192.168.1.0/255.255.255.0
I have modified it with the following …
<Directory /usr/share/roundcubemail/>
# Apache 2.4
# Require ip 127.0.0.1 192.168.1.0/255.255.255.0
Require all granted
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from all
Allow from all
# Allow from 127.0.0.1 192.168.1.0/255.255.255.0
1 Like
stephdl
(Stéphane de Labrusse)
May 28, 2017, 7:38am
3
you are discovering the template system, for the next update, your changes will be rewritten…but you find a bug
after a clean install
[root@NS7DEV8 ~]# config show roundcubemail
roundcubemail=configuration
PluginsList=managesieve,markasjunk
Server=localhost
access=green,red
and we can read in /etc/e-smith/templates/etc/httpd/conf.d/roundcubemail.conf/10base
<IfModule mod_authz_core.c>
# Apache 2.4
Require {$OUT .= ( $roundcubemail{access} eq "public" ) ? "all granted" : "ip $localAccess" ;}
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from all
Allow from {$OUT .= ( $roundcubemail{access} eq "public" ) ? "all" : $localAccess ;}
</IfModule>
we will never have a public access
@giacomo what do you think ?
Hi,
same problem here. Nethserver works in a DMZ. I have no access from my internal local network.
But when i put my internal network 192.168.x.x via GUI to the trusted networks, everthing works fine.
Regards
Uwe
1 Like
stephdl
(Stéphane de Labrusse)
May 28, 2017, 9:56am
5
sorry git blame direct to @davidep
committed 04:52PM - 01 Mar 17 UTC
1 Like
davidep
(Davide Principi)
May 29, 2017, 7:00am
6
You’re right, that commit should not be there because roundcube is not a “service” record, it’s a “configuration”.
We must revert it. However at this point we must either
fix the template to support both DB values: “public” and “red,green”, or
write down a DB migrate fragment that fixes the DB.
I’d go with 2.
giacomo
(Giacomo Sanchietti)
May 29, 2017, 7:21am
7
I’d like to remove the access
prop, since no other web application has something similar.
davidep
(Davide Principi)
May 29, 2017, 7:34am
8
Bug filed
https://github.com/NethServer/dev/issues/5304
Edit: fix available from nethserver-testing
yum --enablerepo=nethserver-testing update nethserver-roundcubemail
2 Likes
stephdl
(Stéphane de Labrusse)
May 29, 2017, 7:54am
9
I disagree…any web application must have an access property. For example in a school you might have interest to get an internal webmail.
Same for any of my web applications, eg php*admin…you are restricted to the lan.
Yes davidep, now a migrate fragment is needed to set the same property value everywhere
1 Like
davidep
(Davide Principi)
May 29, 2017, 8:24am
10
stephdl:
everywhere
Did you found similar cases? I mean, in March I massively migrated the “access” prop to the new comma separated form, compatible with “Network services” page. As we’ve seen here, despite the code analysis I performed at that time, there can be some regressions/bugs.
Did you find other web applications that suffer of the same issue?
stephdl
(Stéphane de Labrusse)
May 29, 2017, 4:20pm
11
I did not see others, but it occurs for new installations…I found myself a bug in wordpress this wk…we are not machines…only humans
2 Likes
davidep
(Davide Principi)
Closed
June 1, 2017, 4:20pm
12
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.