Error cpanel + afterlogic + csf

afterlogic / webmail-lite-8

Open-source webmail script for existing IMAP server

https://afterlogic.org/webmail-lite-8

GNU Affero General Public License v3.0

335 stars 72 forks source link

Error cpanel + afterlogic + csf #83

Closed andersonosn closed 2 years ago

andersonosn commented 3 years ago

Hello,

We use Afterlogic Webmail installed inside the cPanel server (domain.com:2096)

The server operates with Configserver's CSF Firewall.

We've been facing this problem for months, even updating Afterlogic versions and it's something that happens even in the Pro version.

The firewall is blocking the user's IP while he is normally using Webmail, and generating the logs below, we've already reviewed everything and we can't understand how to solve it.

[2021-09-16 13:41:22 -0300] info [webmaild] 000.000.000.000 - - "POST /cpsess0123456789/3rdparty/afterlogic/webmail/?/Api/ HTTP/1.1" FAILED LOGIN webmaild: Authorization: type not known
[2021-09-16 13:41:33 -0300] info [webmaild] 000.000.000.000 - - "POST /cpsess0123456789/3rdparty/afterlogic/webmail/?/Api/ HTTP/1.1" FAILED LOGIN webmaild: Authorization: type not known
[2021-09-16 13:41:43 -0300] info [webmaild] 000.000.000.000 - - "POST /cpsess0123456789/3rdparty/afterlogic/webmail/?/Api/ HTTP/1.1" FAILED LOGIN webmaild: Authorization: type not known

Can you help? Does any other user experience this? Our CSF follows the standard for cPanel even though it is a shared web hosting server.

Thanks!

afterlogic-support commented 3 years ago

Hello,

A while back, one of our users has reported a very similar issue, it occurred when user logged out of cPanel yet was logged into WebMail (in another tab, for example) and the developers have provided a workaround, there's a chance it'll help you as well; the installation files are located under /usr/local/cpanel/base/3rdparty/afterlogic/webmail.

In static/js/app.js file, locate the following code:

CAjax.prototype.always = function (oRequest, oXhr, sType)
{
    this.filterRequests(oRequest);
};

and modify it as follows:

CAjax.prototype.always = function (oRequest, oXhr, sType)
{
    this.filterRequests(oRequest);
    if (oXhr.status === 401)
    {
        App.logoutAndGotoLogin();
    }
};

In `data/settings/config.json file, locate the following entry:

"UseAppMinJs": [
    false,
    "bool"
],

and set the value to true.

As a result, whenever user gets Error 401 ("Access denied"), they will be instantly logged out of WebMail and redirected to cPanel login screen.

Hope it helps.

afterlogic-support commented 2 years ago

Thread closed due to inactivity. Feel free to reopen should the issue occur with the latest version.

andersonosn commented 1 year ago

Hello,

I followed these steps, changing the static/js/app.js file and setting "True" to UseAppMinJs

But the problem remains. I'm using Afterlogic 8.

Would you help me?

afterlogic-support commented 1 year ago

We can only assist with the latest version of the product? Does the issue occur in current 9.6.1?