WebMail Lite Documentation

Restricting and disabling admin access

By default, admin can log into WebMail Lite admin interface at /adminpanel/ using superadmin login and empty password. Upon logging in, it's possible to change admin password, as well as admin login username if necessary. Admin credentials can be reset as shown here.

If you wish to restrict admin access so that it can only be available from one or several IP addresses, that's done by editing data/settings/modules/AdminAuth.config.json configuration file:

{
    "Disabled": [
        false,
        "bool",
        null,
        "Setting to true disables the module"
    ],
    "SuperadminWhitelistIp": [
        [],
        "array",
        null,
        "If non-empty, only listed IPs are allowed access from"
    ],
    "AllowLoginFromCoreModule": [
        false,
        "bool",
        null,
        "If set to true, superadmin account is allowed to log into main login page"
    ]
}

NB: if AdminAuth.config.json file is missing under data/settings/modules directory, be sure to click "Update configuration" button in Database Settings screen of admin interface.

You can supply the list of IP addresses under SuperadminWhitelistIp parameter, for example:

    "SuperadminWhitelistIp": [
        ["12.34.56.78","1.234.5.67","123.45.67.8"],
        "array",
        null,
        "If non-empty, only listed IPs are allowed access from"
    ]

and if the array is empty, that means all the restrictions are lifted.

If you need to disable admin access entirely, you can set Disabled to true in data/settings/modules/AdminAuth.config.json file. You'll still be able to edit configuration files directly, of course, this is only about blocking WebMail Lite admin access via web.

The same effect can be achieved by setting AdminLogin to an empty string in main in data/settings/config.json configuration file.

In version 9, logging into admin interface from main login page is not allowed, and old adminpanel web client which was used in v8 is now disabled. You can enable it by setting "AllowLoginFromCoreModule" to true in data/settings/modules/AdminAuth.config.json configuration file.