Allow 443 for only one subdomain.

07-22-2011, 11:32 AM
I have a development web server that is also a mail server. I want to allow my boss to send email from home, so I have set up SquirrelMail. I want to somehow only allow users to connect to the server from outside to 443 to the SquirrelMail but not to the rest of the server. The standard doc root for the server is one place (with development material), and I don't want that accessible from the outside, only from the inside; this can be on port 80, then I just don't set up port forwarding to port 80. Then I set up port forwarding on the router to 443 for the webmail. But I don't want them to be able to access the rest of the web server through port 443, only the SquirrelMail location. Is this possible? I have subdomains I can point to the server if that helps. Hope this makes sense, and any help would be greatly appreciated... Thanks!

07-23-2011, 10:17 AM
Create a new vhost for the 443 connection using the sub-domain.

<VirtualHost *:443>
    ServerName sub.domain.com
    DocumentRoot /folder/for/your/mail/site
    #rest of your vhost config goes here...
</VirtualHost>

Then just set up your mail scripts in the document root and job's a good 'un.

07-26-2011, 03:40 PM
Thanks, I followed this and it kind of works. But it seems that any subdomain connecting under https then goes to that subdomain folder? Any ideas how to fix that? Maybe having any other subdomain connecting through https go to an error page would be ideal?

07-26-2011, 09:42 PM
If that is the only 443 sub-domain that you have then it's probably acting as a default for all requests that come in on SSL. I'm not sure what the best way to deal with that is, but personally I'd probably just use mod_rewrite to check the domain and redirect back to the unencrypted domain. Something like the following should do the trick, just place it in the 443 sub-domain that you created. Probably not 100% correct, but something along these lines should work...

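# Any request whose Host header is not the webmail sub-domain
# is redirected to the same host and path over plain HTTP.
RewriteEngine On
RewriteCond %{HTTP_HOST} !^mysub\.domain\.com(:443)?$ [NC]
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]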
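
An alternative to the redirect, matching the "error page" behaviour asked for above, added here as an example that is not part of any poster's reply: put a deny-all catch-all vhost first on port 443 so that it, rather than the webmail vhost, becomes the default for unmatched host names. Apache 2.4 access-control syntax is assumed, and the certificate paths and the `default-deny.invalid` name are placeholders, not values from the thread.

```apache
# Added example, not from the thread. Apache 2.4 syntax assumed.

# 1) Catch-all. The first *:443 vhost Apache loads is the default for any
#    Host name that matches no other ServerName/ServerAlias, so this one
#    must be loaded before the webmail vhost. It refuses every request.
<VirtualHost *:443>
    # Placeholder name that no client will ever request
    ServerName default-deny.invalid
    SSLEngine on
    # Placeholder certificate and key paths
    SSLCertificateFile    /path/to/default-cert.pem
    SSLCertificateKeyFile /path/to/default-key.pem
    <Location "/">
        # 403 Forbidden for everything served by this vhost
        Require all denied
    </Location>
</VirtualHost>

# 2) Webmail. Only requests for sub.domain.com reach this document root.
<VirtualHost *:443>
    ServerName sub.domain.com
    DocumentRoot /folder/for/your/mail/site
    SSLEngine on
    # Placeholder certificate and key paths
    SSLCertificateFile    /path/to/webmail-cert.pem
    SSLCertificateKeyFile /path/to/webmail-key.pem
    <Directory "/folder/for/your/mail/site">
        Require all granted
    </Directory>
    #rest of your vhost config goes here...
</VirtualHost>
```

Running `apachectl -S` lists the vhosts per address and port and marks which one is the default, which confirms the load order. On Apache 2.2, `Require all denied` / `Require all granted` would be written with `Order` and `Deny from all` / `Allow from all` instead.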