Posted by Still talking about Policyd. When you access policyd webui, it’s not asking username and password. So, everyone can access policyd configuration via webui. To protect policyd webui, we can use three ways. First, we can stopping Apache service Zimbra with zmapachectl stop. Second, we can use firewall to protect and third, we can use login username and password with htaccess. From three options available, i am recommended to using third option. This is how to protect policyd webui using username and password with htaccess.
cd /opt/zimbra/cbpolicyd/share/webui/ vi .htaccess
fill with the following lines
AuthUserFile /opt/zimbra/cbpolicyd/share/webui/.htpasswd AuthGroupFile /dev/null AuthName "User and Password" AuthType Basic <LIMIT GET> require valid-user </LIMIT>
create htpasswd file, username and password
touch .htpasswd /opt/zimbra/httpd/bin/htpasswd -cb .htpasswd USERNAME PASSWORD
change username and password with username/password do you want. Edit httpd.conf Apache Zimbra
vi /opt/zimbra/conf/httpd.conf
add the following configuration at the bottom
Alias /webui /opt/zimbra/cbpolicyd/share/webui/ <Directory /opt/zimbra/cbpolicyd/share/webui/> # Comment out the following 3 lines to make web ui accessible from anywhere AllowOverride AuthConfig Order Deny,Allow Allow from all </Directory>
Restart Apache Zimbra service
su - zimbra -c "zmapachectl restart"
Update 27 Jan 2020
For Zimbra 8.8.X
Thanks to Fayaz Khan for the guidance
cd /opt/zimbra/common/share/webui/ vi .htaccess
Fill with the following lines. Then save
AuthUserFile /opt/zimbra/common/share/webui/.htpasswd AuthGroupFile /dev/null AuthName "User and Password" AuthType Basic require valid-user
touch .htpasswd /opt/zimbra/common/bin/htpasswd -cb .htpasswd user password vi /opt/zimbra/conf/httpd.conf
Please add these lines at the bottom
Alias /webui /opt/zimbra/common/share/webui/ <Directory /opt/zimbra/common/share/webui/> # Comment out the following 3 lines to make web ui accessible from anywhere AllowOverride AuthConfig Order Deny,Allow Allow from all </Directory>
su – zimbra -c "zmapachectl restart"
please try to access policyd webui via browser. it would asking username and password like the following picture
Good luck and hopefully useful 😀
Let’s See the Video on Youtube
edit http.conf
open
#LoadModule rewrite_module modules/mod_rewrite.so
and change all
AllowOverride None
to
AllowOverride All
thx so much for this complement, amazin ppost imanudin
Very useful. Thank you.
Hi,
Thanks for your usefull infomation. i tried this, working fine, is there any session timeout for this.
Hi Vinod,
Maybe you can try this information about timeout session in htaccess : http://stackoverflow.com/questions/5206061/session-timeout-in-php-code-and-in-htaccess 😉
i did the above config but i’m not able to access the web its show the below error
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at you@example.com to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
Hi Mohammed,
I think you miss configuration in httpd.conf. Please re-check and ensure all configuration already properly
Hi iman ; i check httpd.conf and i don’t see any mistake
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Alias /webui /opt/zimbra/cbpolicyd/share/webui/
# Comment out the following 3 lines to make web ui accessible from anywhere
AllowOverride AuthConfig
Order Deny,Allow
Allow from all
I got the same issue and I proceed to add # to the 3 lines and restart, then remove the # and restart. Now it prompts for login, but the login refused to let me in despite entering the correct login name and password!
Got it to work. The issue was due to typo error in .htaccess due to a missing spacing.
Hi,
Glad to hear that 🙂
kang,
vi .htacces tdk bisa di save krn open file.
gmn ya supaya bisa di save?
nuhun pencerahannya.
regards
Deni
Coba save dengan perintah :wq!
After amending httpd.conf and restart, the webui is no longer accessible!
Hi,
Please make sure Zimbra Apache is running well. If you cannot access webui, please access Zimbra Apache like this http://IPZIMBRA:7780 and ensure appear its works.
Thanks !! Working fine..
hello,getting this error when starting http server,
zmapachectl start
Starting apache…httpd: Syntax error on line 148 of /opt/zimbra/conf/httpd.conf: Cannot load modules/libphp5.so into server: libaspell.so.15: cannot open shared object file: No such file or directory
Hello,
Are you not install Zimbra Spell? if yes, please install aspell package from your Linux distribution and try to restart Zimbra Apache again 🙂
hi iman,
how to configure smtp authentication
spf and dkim
with regards
amith
Hi Amithrajc,
Please see the following guidance :
– SMTP Auth for External Delivery : https://imanudin.net/2014/09/18/how-to-configure-outgoing-smtp-authentication-on-zimbra-8-5/
– SPF : https://imanudin.net/2015/02/09/how-to-configure-spf-sender-policy-framework-records-for-email-server/
– DKIM : https://imanudin.net/2015/02/10/how-to-configure-and-validate-dkim-records-on-zimbra/
Hello Iman,
As you can see my above comment i used your method since last year and it works perfectly 🙂 but I’m stuck a bit nowadays. Is there any way to change the port of PolicyD Web UI 7780 to another ? We need to change the port for some reason and if you can help me, i would be appreciate 🙂
Thanks in advance
By Regards..
Dear Iman,
I solved it :d with httpd.conf. Thx !
Hi Ahmet,
Glad to hear that 😉
Hi,
I have just forgot the password for the policyd webui. any way to reset it?
Hi,
You can type again this command
Hello
This guide doesn’t work with zimbra 8.7 =(((
Hi Marco,
Zimbra 8.7 have different location with previous Zimbra. You can try this method : https://imanudin.net/2014/09/08/how-to-install-policyd-on-zimbra-8-5/#comment-14955
Sugeng Enjang mas Iman..
saya mau tanya mas… ketika saya mau buat user dan password ada error kayak begini..
root@email:~# /opt/zimbra/common/bin/htpasswd -cb .htpasswd cbadmin cbpassword
/opt/zimbra/common/bin/htpasswd: symbol lookup error: /opt/zimbra/common/bin/htpasswd: undefined symbol: e
kira2 apanya ya Mas..?
Maturnuwun – Arim
Hi mas Arim,
Pastikan posisi mas Arim ketika menjalankan perintah tersebut ada pada folder webui
Dear Admin,
What’s the default sending message rate of zimbra? (allow sending message per hour).
Hello,
By default, Zimbra do not have limitation of sending/receiving email
Hello.
For Zimbra 8.7.11:
/opt/zimbra/common/bin/htpasswd -cb .htpasswd USERNAME PASSWORD
Edit /opt/zimbra/conf/httpd.conf
And add:
Alias /webui /opt/zimbra/common/share/webui/
# Comment out the following 3 lines to make web ui accessible from anywhere
AllowOverride AuthConfig
Order Deny,Allow
Allow from all
You can now access the Policyd Webui with browser at URL http://IPZimbra:7780/webui/index.php
Hello Fedir,
Thanks for share 🙂
hi,
CbPolicyD WEBGUI is not working ,
/opt/zimbra/bin/zmapachectl: line 85: kill: (11288) – No such process
apache is not running.
restarted apache server many times still the same.
Hi Nagendra,
Please paste the result from the following command
zimbraServiceInstalled: amavis
zimbraServiceInstalled: antivirus
zimbraServiceInstalled: antispam
zimbraServiceInstalled: opendkim
zimbraServiceInstalled: logger
zimbraServiceInstalled: mailbox
zimbraServiceInstalled: memcached
zimbraServiceInstalled: mta
zimbraServiceInstalled: dnscache
zimbraServiceInstalled: stats
zimbraServiceInstalled: proxy
zimbraServiceInstalled: snmp
zimbraServiceInstalled: spell
zimbraServiceInstalled: ldap
zimbraServiceInstalled: cbpolicyd
its working now .. i restarted zmapachectl from root login it worked thanks iman for all the help.
Hi Nagendra,
Glad to hear that 🙂
Hello Iman,
Could not find the Cbpolicyd folder in the location you provided.
My Zimbra version is 8.6
Hello Iman,
Done setup as you recommended for zimbra 8.7 but its not working. Can you please let me know waht to do further.
All is working but the webui does not take the username password defined in .htpasswd file.
Can you please suggest?
Hi Gul Khan,
Please try the tips from this comment : https://imanudin.net/2014/09/12/zimbra-tips-how-to-protect-policyd-webui/#comment-18364
Hello Iman,
Thanks for the response but could not get through with this link also.
The issue remains same. Could not login with provided user ID and Password.
Its working now. Thanks…
Hi Gul Khan,
Glad to hear that 🙂
http://ZIMBSV:7780/webui/index.php
Can’t get this fix.
Not Found
The requested URL /webui/index.php was not found on this server.
Please assist me.
when I access ZIMBSV:7780,
I get IT WORKS!
Hi,
Are you has been configured this one? : https://imanudin.net/2014/09/08/how-to-install-policyd-on-zimbra-8-5/
Hi,
I am running Release 8.7.11.GA.1854.UBUNTU16.64 UBUNTU16_64 FOSS edition. Can you please guide me where to put htpasswd file and AuthUserFile path?
Regards,
Sheikh Munawar
Hi,
You can put on this folder
i am uable to protect webui in zimbra 8.7 kindly help
Hi,
Please try this method : https://imanudin.net/2014/09/08/how-to-install-policyd-on-zimbra-8-5/#comment-14955
terimakasih byk atas tuts nya mas iman.
tuts nya lancar, tp sy ingin bertanya :
apakah usernamepassword hanya untuk 1 id ?
Hi mas,
Untuk username dan password bisa lebih dari satu. Hilangkan parameter -c ketika menjalankan perintah htpasswd untuk menambah user baru
Hi Iman,
Can you guide me to install on the multiserver?
Thanks.
Hi Kaidou,
The configuration is same when you install on single server
I walked thru the steps and have tried all configuration listed in the blog and those offered in the comments.
I can access the site however, I still do not get a login prompt.
help?
Hi,
Could you please give me more information about your Zimbra version and step you did
Hi Iman.
I need to enable Policyd on a zimbra server, version 8.8.
I’m having difficulties with the webui e opendkim. What do I need to enable the webui, which is my main problem?
Hi Paola,
– You can follow this guide to install Poliycd on version 8.8 : https://imanudin.net/2014/09/08/how-to-install-policyd-on-zimbra-8-5/.
– Policyd did not have webui for opendkim
I had already tried that guide, but it didn’t work, I mean I still do not the web interface for Policyd.
I don’t need the web interface for opendkim.
(Sorry for the late reply but I’ve never received follow-up comments by email, just a first one after posting my question).
Well, I disabled policyd and re-enabled it. This time everything went fine, I wonder what kind of mistake I made the first time but I’m allright. Thanks.
Hi Paola,
Glad to hear that 🙂
im unable to start the apache service getting below error kindly help..
Starting apache…AH00526: Syntax error on line 21 of /opt/zimbra/conf/httpd.conf:
Invalid command ‘ServerRoot:’, perhaps misspelled or defined by a module not included in the server configuration
failed.
Hello,
Please check the line 21 in httpd.conf. The error log refer into that line
Hi iman ,
We are using zimbra server for bulk mail sending , kindly give me suggest to check per hour / per day sent | bounced | deferred mail count ..
Hello,
I think, every day you get a daily report from Zimbra. Default email will be sent to the admin account
hi
i hope you are fine . i have deployed restricion on policyd on ZIMBRA 8.8.15 patch 6 . Please add in your blog for new user . its perfectly working fine for me. Here is the setps :
##############################Protect Policyd WebUI#################################
Release 8.8.15_GA_3869.RHEL7_64_20190917004220 RHEL7_64 FOSS edition, Patch 8.8.15_P6
1. cd /opt/zimbra/common/share/webui/
2. vi .htaccess
AuthUserFile /opt/zimbra/common/share/webui/.htpasswd
AuthGroupFile /dev/null
AuthName “User and Password”
AuthType Basic
require valid-user
3. touch .htpasswd
4. /opt/zimbra/common/bin/htpasswd -cb .htpasswd user password
5. vi /opt/zimbra/conf/httpd.conf
Alias /webui /opt/zimbra/common/share/webui/
# Comment out the following 3 lines to make web ui accessible from anywhere
AllowOverride AuthConfig
Order Deny,Allow
Allow from all
6. su – zimbra -c “zmapachectl restart”
#####################################
Thanks
Fayaz khan
Hello Fayaz Khan,
Perfect. Thank you for the sharing. Appreciated
Hi iman
you welcome !!!
I have perfomed all steps which you have mention.
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Alias /webui /opt/zimbra/common/share/webui
AllowOverride AuthConfig
Order Deny,Allow
Allow from all
after this when i restart zmapachectl then getting bellow error.
[zimbra@mail ~]$ zmapachectl restart
Stopping apache…AH00526: Syntax error on line 497 of /opt/zimbra/conf/httpd.conf:
AllowOverride not allowed here
failed.
Starting apache…AH00526: Syntax error on line 497 of /opt/zimbra/conf/httpd.conf:
AllowOverride not allowed here
failed.
so please check this error and please help me.
Hi Gautam Kumar,. I updated the guide. Please check again
You are missing
Thanks Iman.
It is working.
saya lupa password, bagaimana saya mengetahui passwordnya, tanpa reset
Bisa buat user dan password baru via htaccess. User dan password ada pada file .htpasswd