{
    $haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ?  'yes' : 'no';
    my $webmailStatus = $roundcube{'status'} || "disabled";

    my $dirs;
    $dirs{roundcube} = '/usr/share/roundcubemail/public_html';
    $dirs{roundcubemail} = "$dirs{roundcube}";
    $dirs{horde} = "$dirs{roundcube}";
    $dirs{webmail} = "$dirs{roundcube}";

    my @places=('webmail','horde','roundcubemail','roundcube');
    push(@places,$roundcube{'URL'}) if ((exists $roundcube{'URL'}) && ($roundcube{'URL'} ne ''));

    return "    # webmail is disabled in this VirtualHost"
            unless $webmailStatus eq 'enabled';

    foreach $place (@places)
    {
        if (($port eq "$httpPort") && ($haveSSL eq 'yes') )
        {
            my $portspec = ($httpsPort eq 443) ? "" : ":$httpsPort";
            $OUT .= "    RewriteRule ^/$place(/.*|\$)    https://%{HTTP_HOST}${portspec}/$place\$1 [L,R]\n";
        } else {
            $OUT .= "    Alias       /$place   $dirs{$place}\n";
        }

        $OUT .= "    <Location '/$place'>\n";
        # strict CSP not yet supported see https://github.com/roundcube/roundcubemail/issues/6202 and few others
        $OUT .= "       Header set Content-Security-Policy \"default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self'; frame-src 'self'; connect-src 'self'; frame-ancestors 'self'; base-uri 'self'; form-action 'self';\"\n";
        $OUT .= "    </Location>\n";

    }
}

