Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: port

  1. #1
    chelea is offline Active Member
    Join Date
    Oct 2009
    Posts
    40
    Rep Power
    5

    Question port

    Currently we have users logging with http (80).
    Considering of changing to redirect or mixed (preferably).. CAn anyone give suggestions which should be opted? We have proxy services running so changing has to be on the proxy servers isnt it?

  2. #2
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Personally I would switch to completely HTTPS.

  3. #3
    menno.pieters's Avatar
    menno.pieters is offline Active Member
    Join Date
    Feb 2009
    Location
    The Netherlands
    Posts
    33
    Rep Power
    6

    Default

    Quote Originally Posted by uxbod View Post
    Personally I would switch to completely HTTPS.
    Agreed, but use "redirect" to facilitate those who don't take the effort to put https in front of the URL (or don't understand the difference...).
    Menno Pieters
    IGI Group

  4. #4
    chelea is offline Active Member
    Join Date
    Oct 2009
    Posts
    40
    Rep Power
    5

    Default

    How about opting MIXED so that only the login session is https?

  5. #5
    menno.pieters's Avatar
    menno.pieters is offline Active Member
    Join Date
    Feb 2009
    Location
    The Netherlands
    Posts
    33
    Rep Power
    6

    Default

    Quote Originally Posted by chelea View Post
    How about opting MIXED so that only the login session is https?
    That is a lot less secure. After a succesful login, a user gets a session ID, which is presented to Zimbra in almost every request, either as a cookie, or as part of the request header. Anyone who can access the network between the server and the client would be able to "sniff" the HTTP trafic and read the session ID, which could be used to login again as long as the session ID is valid.

    With HTTPS (use https mode or redirect), the session ID cannot be read by outsiders.
    Menno Pieters
    IGI Group

  6. #6
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,491
    Rep Power
    56

    Default

    Quote Originally Posted by chelea View Post
    How about opting MIXED so that only the login session is https?
    You user should understand the importance of security (and you protecting their data), change to https and tell them what it's form. You're also asking for trouble leaving it at http on a public connection.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    chelea is offline Active Member
    Join Date
    Oct 2009
    Posts
    40
    Rep Power
    5

    Default

    Thanks for the replies..

    We have to make the changes by running the commands on proxy server only ?
    I got confused with documents which one to go for

    zmtlsctl [mode] ,

    zmprov ms server.name zimbraReverseProxyMailMode https/mixed

  8. #8
    menno.pieters's Avatar
    menno.pieters is offline Active Member
    Join Date
    Feb 2009
    Location
    The Netherlands
    Posts
    33
    Rep Power
    6

    Default

    Quote Originally Posted by chelea View Post
    Thanks for the replies..

    We have to make the changes by running the commands on proxy server only ?
    I got confused with documents which one to go for

    zmtlsctl [mode] ,

    zmprov ms server.name zimbraReverseProxyMailMode https/mixed
    At least on the proxy, assuming you trust traffic between the proxy and mailbox server. If not, you should do so on both.
    Menno Pieters
    IGI Group

  9. #9
    chelea is offline Active Member
    Join Date
    Oct 2009
    Posts
    40
    Rep Power
    5

    Default

    Quote Originally Posted by menno.pieters View Post
    At least on the proxy, assuming you trust traffic between the proxy and mailbox server. If not, you should do so on both.
    Cani go for either of the commands mentioned in the previous post?

  10. #10
    menno.pieters's Avatar
    menno.pieters is offline Active Member
    Join Date
    Feb 2009
    Location
    The Netherlands
    Posts
    33
    Rep Power
    6

    Default

    Quote Originally Posted by chelea View Post
    Cani go for either of the commands mentioned in the previous post?
    The first for the mailbox server, the latter for the proxy. And don't forget to restart Zimbra.
    Menno Pieters
    IGI Group

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. initializing ldap...FAILED(256)ERROR
    By manjunath in forum Installation
    Replies: 39
    Last Post: 06-07-2013, 10:27 AM
  2. [SOLVED] Problem with httpd on alternate port
    By swrightsls in forum Installation
    Replies: 4
    Last Post: 07-28-2009, 09:50 AM
  3. Erorr..initializing ldap failed(5362)
    By Logan_filter in forum Installation
    Replies: 10
    Last Post: 12-19-2008, 01:10 PM
  4. zmclamdctl is not running after upgrade
    By Darren in forum Installation
    Replies: 24
    Last Post: 10-10-2008, 09:10 AM
  5. Error 256 on Installation
    By RuinExplorer in forum Installation
    Replies: 5
    Last Post: 10-19-2006, 09:19 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •