Restrict miab roundcube access by IP

HI Guys,
I tried make my /admin access restricted only to my home IP, such as, which works well; however, I didn’t succeed in doing so for /mail access.

Any ideas what should be done to make this work? I have tried /tools/web_update, and it had updated configurations, but it still didn’t work even with box restarted.

I have this MIAB set up in a physical box at my home with LXC container; it works well for a few years so far and I do take care of these minor customized changes I made during each upgrade.

Here’s some configurations I tried to do.

	# Control Panel
	# Proxy /admin to our Python based control panel daemon. It is
	# listening on IPv4 only so use an IP address and not 'localhost'.
	location /admin/assets {
		alias /usr/local/lib/mailinabox/vendor/assets;
	rewrite ^/admin$ /admin/;
	rewrite ^/admin/munin$ /admin/munin/ redirect;
	location /admin/ {
                deny all;
		proxy_set_header X-Forwarded-For $remote_addr;
		add_header X-Frame-Options "DENY";
		add_header X-Content-Type-Options nosniff;
		add_header Content-Security-Policy "frame-ancestors 'none';";

# Roundcube Webmail configuration.
	rewrite ^/mail$ /mail/ redirect;
	rewrite ^/mail/$ /mail/index.php;
	location /mail/ {
             deny all;
		index index.php;
		alias /usr/local/lib/roundcubemail/;
	location ~ /mail/config/.* {
		# A ~-style location is needed to give this precedence over the next block.
		return 403;
	location ~ /mail/.*\.php {
		# note: ~ has precendence over a regular location block
		include fastcgi_params;
		fastcgi_split_path_info ^/mail(/.*)()$;
		fastcgi_index index.php;
		fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name;
		fastcgi_pass php-fpm;

		# Outgoing mail also goes through this endpoint, so increase the maximum
		# file upload limit to match the corresponding Postfix limit.
		client_max_body_size 128M;


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.