Avoid clients to log in on non SSL on all domains except the designated hostname. — CyberPanel - WebHosting Control Panel for OpenLiteSpeed
CyberHosting

Avoid clients to log in on non SSL on all domains except the designated hostname.

One of my clients discovered that he can log in from port 8090 on his domain with no SSL instead of the designated hostname with SSL. Is this intended behavior? Is there a way to avoid this security risk? He insists on login on his domain because he considers it to be easier to remember, stubborn people like him are everywhere.

Comments

  • edited October 1
    No worries, I fixed it by just implementing HSTS on the vHost, that makes it impossible for them to proceed. Now it looks more professional.
Sign In or Register to comment.
CyberPanel Discord

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion