setFlash('error', 'Nome, Display Name e Base URL sono obbligatori'); redirect(BASE_URL . '/superadmin_panel.php?page=services'); break; } // Verifica nome unico $db->query("SELECT id FROM services_available WHERE name = ?", [$name]); if ($db->fetch()) { $session->setFlash('error', "Il servizio '$name' esiste giΓ "); redirect(BASE_URL . '/superadmin_panel.php?page=services'); break; } try { // 1. Inserisci in services_available $sa_id = $db->insert('services_available', [ 'name' => $name, 'display_name' => $display_name, 'description' => $description ?: null, 'service_type' => 'server', 'category' => 'admin', 'default_port' => null, 'default_path' => '/', 'icon' => 'server', 'requires_auth' => 1, 'is_common' => 0, 'is_active' => 1, 'modsec_uri_pattern' => $modsec_uri ?: null, 'modsec_enabled' => 1, 'url' => $base_url ]); // 2. Inserisci in services_configured (con doc_root) $sc_id = $db->insert('services_configured', [ 'service_id' => $sa_id, 'custom_name' => $display_name, 'base_url' => $base_url, 'doc_root' => $doc_root_input ?: null, 'allowed_roles' => $allowed_roles, 'status' => 'active', 'show_in_menu' => 1, 'configured_at' => date('Y-m-d H:i:s'), 'configured_by' => $session->getEmail() ]); // 3. Crea whitelist ModSecurity vuota $whitelist_file = "/etc/modsecurity/usermanager-whitelist-{$name}.conf"; $whitelist_content = "# WHITELIST {$display_name} - Generata automaticamente\n"; $whitelist_content .= "# Servizio: {$name} (services_configured id: {$sc_id})\n"; $whitelist_content .= "# Data: " . date('Y-m-d H:i:s') . "\n"; $whitelist_content .= "# Nessun device registrato\n"; file_put_contents($whitelist_file, $whitelist_content); chmod($whitelist_file, 0664); chown($whitelist_file, 'root'); chgrp($whitelist_file, 'FTP'); // 4. Crea 403.html dedicato $return_url = rtrim($base_url, '/') . '/'; $api_url = 'https://vmi2830426.contaboserver.net:8444/api/auto-update-ip.php'; $html_403 = << Accesso Riservato

πŸ”’ Area Riservata

Verifica accesso in corso...

HTML403; // Usa doc_root dal form per posizionare 403.html $html_403_path = ''; if ($doc_root_input && is_dir($doc_root_input)) { $html_403_path = "{$doc_root_input}/403.html"; file_put_contents($html_403_path, $html_403); chmod($html_403_path, 0644); } // 5. Audit log $db->insert('audit_log', [ 'user_id' => $session->getUserId(), 'action' => 'service_added', 'details' => "Servizio '{$display_name}' ({$name}) aggiunto - SC#{$sc_id}", 'ip_address' => get_client_ip(), 'user_agent' => get_user_agent(), 'created_at' => date('Y-m-d H:i:s') ]); $msg = "βœ… Servizio '{$display_name}' aggiunto! (SC#{$sc_id})"; $msg .= " | Whitelist: {$whitelist_file}"; if ($html_403_path) $msg .= " | 403.html: {$html_403_path}"; else $msg .= " | ⚠️ 403.html: specifica DocumentRoot per creazione automatica"; $session->setFlash('success', $msg); } catch (Exception $e) { $session->setFlash('error', 'Errore aggiunta servizio: ' . $e->getMessage()); } redirect(BASE_URL . '/superadmin_panel.php?page=services'); break; case 'toggle_service': $sc_id = (int)$_POST['sc_id']; $new_status = $_POST['new_status'] === 'active' ? 'active' : 'inactive'; $db->update('services_configured', ['status' => $new_status], ['id' => $sc_id]); $session->setFlash('success', "Servizio " . ($new_status === 'active' ? 'attivato' : 'disattivato')); redirect(BASE_URL . '/superadmin_panel.php?page=services'); break; case 'delete_service': $sc_id = (int)$_POST['sc_id']; // Non eliminare webmin o usermanager if ($sc_id == 1 || $sc_id == 19) { $session->setFlash('error', 'Non puoi eliminare Webmin o User Manager'); redirect(BASE_URL . '/superadmin_panel.php?page=services'); break; } // Controlla device collegati $db->query("SELECT COUNT(*) as cnt FROM devices WHERE service_id = ?", [$sc_id]); $device_count = $db->fetch()['cnt']; if ($device_count > 0) { $session->setFlash('error', "Impossibile eliminare: {$device_count} device collegati. Rimuovi prima i device."); redirect(BASE_URL . '/superadmin_panel.php?page=services'); break; } // Recupera info per cleanup $db->query("SELECT sc.*, sa.name FROM services_configured sc JOIN services_available sa ON sc.service_id = sa.id WHERE sc.id = ?", [$sc_id]); $svc = $db->fetch(); if ($svc) { // Elimina whitelist $wl_file = "/etc/modsecurity/usermanager-whitelist-{$svc['name']}.conf"; if (file_exists($wl_file)) unlink($wl_file); // Elimina 403.html se doc_root disponibile if (!empty($svc['doc_root'])) { $html_file = "{$svc['doc_root']}/403.html"; if (file_exists($html_file)) unlink($html_file); } // Elimina da DB $db->delete('services_configured', ['id' => $sc_id]); $db->delete('services_available', ['id' => $svc['service_id']]); $session->setFlash('success', "Servizio '{$svc['custom_name']}' eliminato con whitelist e 403.html"); } redirect(BASE_URL . '/superadmin_panel.php?page=services'); break; } } // ============================================================================ // CARICA DATI // ============================================================================ $db->query("SELECT sc.*, sa.name as svc_name, sa.display_name as sa_display, sa.modsec_uri_pattern, sa.modsec_enabled, (SELECT COUNT(*) FROM devices d WHERE d.service_id = sc.id AND d.status = 'active') as active_devices, (SELECT COUNT(*) FROM devices d WHERE d.service_id = sc.id) as total_devices FROM services_configured sc JOIN services_available sa ON sc.service_id = sa.id ORDER BY sc.id ASC"); $services = $db->fetchAll(); $total_services = count($services); $active_services = count(array_filter($services, fn($s) => $s['status'] === 'active')); ?>
βš™οΈ
Servizi Totali
βœ…
Servizi Attivi
πŸ“±
Device Totali Collegati

βš™οΈ Servizi Configurati

ID Servizio URL Ruoli Devices Stato File Azioni
#

πŸ“ 		attivi $s['active_devices']): ?>
totali 		βœ… WL' : '❌ WL' ?>
βœ… 403' : '❌ 403' ?>
πŸ”’ Protetto

βž• Aggiungi Nuovo Servizio

Aggiunge il servizio al database, crea whitelist ModSecurity e 403.html automaticamente.

Necessario per creare automaticamente il file 403.html nella directory corretta
Lascia vuoto se il servizio ha un vhost/porta dedicata
ℹ️ Cosa verrΓ  creato automaticamente:
  • Entry in services_available e services_configured
  • File whitelist: /etc/modsecurity/usermanager-whitelist-[nome].conf
  • Pagina 403.html nella DocumentRoot specificata

⚠️ Dopo l'aggiunta, configura manualmente: Include whitelist nel vhost Apache e ErrorDocument 403