
I recently took over the management of a website using a pure Tomcat 6 server (i.e. no combination Tomcat+Apache) with CPanel installed, which is only accessible on port 8088 (i.e. the main page URL is www.domain.com:8088). I would like the site to be accessible at www.domain.com, i.e. on port 80. As per this article, I ran:

sudo /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8088
sudo /sbin/service iptables save

and then rebooted. However, as before, www.domain.com redirects to www.domain.com/cgi-sys/defaultwebpage.cgi, CPanel's default webpage, which is located at /usr/local/cpanel/cgi-sys/defaultwebpage.cgi. I get a 404 error when accessing any other page at www.domain.com. It seems like CPanel is interfering with the use of port 80. www.domain.com:8088 still works, though.

Here are the contents of /usr/local/tomcat/apache-tomcat-6.0.26/conf/server.xml. Notice that I added proxyPort="80" following port="8088" so it will "act as if the incoming requests were directed to port 80", according to the article.

<?xml version='1.0' encoding='utf-8'?>

<Server port="8005" shutdown="SHUTDOWN">

  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JasperListener" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />

  <GlobalNamingResources>

    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">

    <Connector port="8088" proxyPort="80" protocol="HTTP/1.1" 
               connectionTimeout="20000" 
               redirectPort="8443" />

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               keystoreFile="/usr/local/tomcat/apache-tomcat-6.0.26/.keystore" keystorePass="[redacted]"
               clientAuth="false" sslProtocol="TLS" />

    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

    <Engine name="Catalina" defaultHost="localhost">

      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase"/>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true"
            xmlValidation="false" xmlNamespaceAware="false">

      </Host>
    </Engine>
  </Service>
</Server>

Here are the relevant portions of my iptables file (obtained via less /etc/sysconfig/iptables | grep "80"). IP addresses have been replaced with # for privacy.

-A PREROUTING -p tcp -m tcp --sport 80 -j TOS --set-tos 0x08
-A POSTROUTING -p tcp -m tcp --dport 80 -j TOS --set-tos 0x08
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8088 -j ACCEPT
-A acctboth -s ###.###.###.98 -i ! lo -p tcp -m tcp --dport 80
-A acctboth -d ###.###.###.98 -i ! lo -p tcp -m tcp --sport 80
-A acctboth -s ###.###.###.99 -i ! lo -p tcp -m tcp --dport 80
-A acctboth -d ###.###.###.99 -i ! lo -p tcp -m tcp --sport 80
-A acctboth -s ###.###.###.100 -i ! lo -p tcp -m tcp --dport 80
-A acctboth -d ###.###.###.100 -i ! lo -p tcp -m tcp --sport 80
-A acctboth -s ###.###.###.101 -i ! lo -p tcp -m tcp --dport 80
-A acctboth -d ###.###.###.101 -i ! lo -p tcp -m tcp --sport 80
-A acctboth -s ###.###.###.102 -i ! lo -p tcp -m tcp --dport 80
-A acctboth -d ###.###.###.102 -i ! lo -p tcp -m tcp --sport 80
-A acctboth -s ##.###.###.2 -i ! lo -p tcp -m tcp --dport 80
-A acctboth -d ##.###.###.2 -i ! lo -p tcp -m tcp --sport 80
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8088

Because the operating system is CentOS 5.10, which is not Debian-based, authbind is not available, so using it, as described in several answers here, is not an option.

How can I access the website on port 80 without being redirected to /cgi-sys/defaultwebpage.cgi?


Edit: Here is the result of iptables -L -nv | grep 80. All the ones with number signs go to my website:

   37  1480 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1433
  360 29735 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
 1600 92619 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8080
  701 59109 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8088
   55 18046 ACCEPT     all  --  *      *       0.0.0.0/0            <IP number 2>
  122  8401            tcp  --  !lo    *       ###.###.###.98       0.0.0.0/0           tcp dpt:80
  113 56481            tcp  --  !lo    *       0.0.0.0/0            ###.###.###.98      tcp spt:80
    0     0            tcp  --  !lo    *       ###.###.###.99       0.0.0.0/0           tcp dpt:80
    2    88            tcp  --  !lo    *       0.0.0.0/0            ###.###.###.99      tcp spt:80
    0     0            tcp  --  !lo    *       ###.###.###.100      0.0.0.0/0           tcp dpt:80
    2    88            tcp  --  !lo    *       0.0.0.0/0            ###.###.###.100     tcp spt:80
    0     0            tcp  --  !lo    *       ###.###.###.101      0.0.0.0/0           tcp dpt:80
    1    44            tcp  --  !lo    *       0.0.0.0/0            ###.###.###.101     tcp spt:80
    0     0            tcp  --  !lo    *       ###.###.###.102      0.0.0.0/0           tcp dpt:80
    0     0            tcp  --  !lo    *       0.0.0.0/0            ###.###.###.102     tcp spt:80
    0     0            tcp  --  !lo    *       <IP number 3>         0.0.0.0/0           tcp dpt:80
    0     0            tcp  --  !lo    *       0.0.0.0/0            <IP number 3>       tcp spt:80

1 Answer


i.e. no combination Tomcat+Apache

This is not true, because netstat -anp | grep :80 returned:

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3827/httpd

You can shut it down if you want Tomcat to be your main web server.

Then run your iptables PREROUTING rule:

sudo /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8088

And it should work.

krisFR
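The two checks the answer relies on (who already owns port 80, and whether the nat REDIRECT 80 -> 8088 rule is actually loaded) as a small POSIX shell diagnostic. This is an added example, not code from the question or the answer; the netstat and iptables-save samples are constructed (the 3827/httpd line mirrors the answer, the 4102/java pid is made up), and on a real box you would pipe in the output of `netstat -anp` and `iptables-save -t nat` instead.

```shell
#!/bin/sh
# Constructed sample of `netstat -anp` (space-separated, as in the answer).
NETSTAT_SAMPLE='tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3827/httpd
tcp 0 0 0.0.0.0:8088 0.0.0.0:* LISTEN 4102/java
tcp 0 0 :::8009 :::* LISTEN 4102/java'

# Constructed sample of `iptables-save -t nat` after the REDIRECT rule was added.
NAT_SAMPLE='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8088
COMMIT'

# Print the "pid/program" that LISTENs on TCP port $1 (reads netstat output
# on stdin); prints nothing if the port is free. Also handles IPv6 ":::8009",
# which is how the AJP connector from server.xml shows up when it binds all
# interfaces, so the same function tells you what else Tomcat exposes.
listener_on_port() {
    awk -v port="$1" '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":"); if (a[n] == port) { print $NF; exit }
    }'
}

# Succeed if a nat PREROUTING rule redirects --dport $1 to --to-ports $2
# (reads iptables-save output on stdin). Note iptables-save writes
# --to-ports even when the rule was entered with --to-port.
has_redirect() {
    grep -q -- "-A PREROUTING .*--dport $1 .*-j REDIRECT --to-ports $2"
}

# One-line verdict for the 80 -> 8088 case: $1 is netstat text, $2 is nat text.
diagnose() {
    owner=$(printf '%s\n' "$1" | listener_on_port 80)
    if printf '%s\n' "$2" | has_redirect 80 8088; then rule="present"; else rule="missing"; fi
    if [ -n "$owner" ]; then
        echo "port 80 bound by $owner; REDIRECT 80->8088 $rule"
    else
        echo "port 80 free; REDIRECT 80->8088 $rule"
    fi
}
```

Run `diagnose "$(netstat -anp 2>/dev/null)" "$(iptables-save -t nat)"` as root to get the verdict for a live system; a non-empty result from `listener_on_port 8009` is a reminder to firewall the AJP connector if nothing in front of Tomcat needs it.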