Providing clients with webmail access via proxy?

Technical support for webhosting Resellers, and questions which directly relate to their services.

Moderator: Admins

Post Reply
pkiff
newbie
Posts: 7
Joined: Thu Jul 26, 2007 11:12 pm

Providing clients with webmail access via proxy?

Post by pkiff »

I have a couple clients who are unable to access webmail through their current office web connections due to firewalls. They are unable or unwilling to get their local systems/IT staff to open up the necessary ports to access their webmail features hosted on sites on my reseller account at PriorityColo.

Is there a workaround that I can offer to these clients?

I tried to install cPanel Proxy, which supposedly creates a local proxy that users can access as though it is port 80. This seemed to have some effect (i.e. the client was able to get farther along towards logging in than before) but in the end, it still would not allow the user to log in.

Presumably, the use of cPanel Proxy opens up some security risks, especially given that it appears to be a bit old, now, but I was only looking for a temporary solution -- until such time as the client is in a different computing environment or is able to arrange for someone to punch a hole in their local firewall and/or provide a working proxy to bypass it.

Is there a way to offer the webmail service through port 80 to clients in this situation?

Phil.
pkiff
newbie
Posts: 7
Joined: Thu Jul 26, 2007 11:12 pm

Post by pkiff »

I've figured out the problem with cPanel Proxy and am posting the solution for others who may run into the same problem.

Apparently, cPanel version 11 broke cPanel Proxy by changing the way some of the domain/hostnames/cookies are passed from one window/server/interface to the next. And cPanel Proxy itself has apparently been abandoned on SourceForge. There have been numerous calls for cPanel to come up with a built-in solution to the exact problem I describe, but as of yet nothing other than a third-party solution is available, and cPanel Proxy is still the most commonly recommended third-party solution available.

A user on the cPanel forums named rmaximo came up with a one-line addition to the main cPanel Proxy code that gets around the problems introduced by cPanel version 11. You can read about the solution on the cPanel Forums under the thread cpanelproxy.

The solution is to add the following single line of code:
$data = preg_replace('_([^.]*)/webmail_', '$1/webmail_', $data);
after line 220, before line 223.

Here is what the current lines 222-225 should look like before the patch:
// Fix hostname in redirects, cookies...
$data = str_replace(
array('localhost:2095', 'localhost:2082', 'localhost:2086'),
array($webmailhost, $cpanelhost, $whmhost),

And after the patch:
// Fix hostname in redirects, cookies...
$data = preg_replace('_([^.]*)/webmail_', '$1/webmail_', $data);
$data = str_replace(
array('localhost:2095', 'localhost:2082', 'localhost:2086'),
array($webmailhost, $cpanelhost, $whmhost),

I am still not sure about how serious the loss of security is in making this change, so would not recommend it except if you really cannot figure out any other solution for a client who is behind a permanent firewall.

I hope this helps others,

Phil.
pkiff
newbie
Posts: 7
Joined: Thu Jul 26, 2007 11:12 pm

Post by pkiff »

This "solution" for accessing webmail through a proxy should no longer be necessary on PriorityColo reseller servers. cPanel 11.23 introudced a new proxy service that does precisely what cpanelproxy does, and better. Now, when clients attempt to access the webmail service, there is a check to see if they have access to the default cPanel port(s) or if they should be redirected to a port 80 connection in order to bypass firewalls.

Here are a couple references to this change over on the cPanel forum:

cpanelproxy:
http://forums.cpanel.net/showthread.php?t=66107&page=7

CPPROXY on WHM stopped working after latest upgrade
http://forums.cpanel.net/showthread.php?t=89137

Phil.
Post Reply