Hi,
I am running e-smith 5.5, webmail is configured as "secure HTTPS access only".
However, if I simply browse to
http://www.mydomain.com/hordethen I can also view my webmail, without any complaints about not using a secure connection. This looks like a security risc to me.
I don't know if this also worked before I installed TWiki. Yesterday I installed TWiki following the howto somewhere on this e-smith.org site, and this morning I discovered just accidently that I can browse to the domain/horde directory to view your webmail without https. I don't know if it is also possible with an SME server without TWiki.
Anyway, is there a way to fix this? Should I have installed TWiki somewhere else, like in an ibay, and change the httpd.conf such that it never looks in /home/httpd/html again? If so, what exactly should I change in httpd.conf ?
Thanks in advance,
Jurjen.