Block ports 2082 and 2086 in cPanel/WHM ?

[kazimir82]

On my VPS I have both unsecure (http) access to cPanel and WHM on ports 2082 and 2086, and secure (https) on 2083 and 2087.

Is it possible to disable the unsecure versions, so that no login & passwords are ever being transmitted in plaintext?

I guess blocking ports 2082 and 2086 would do the job, how/where can I do that? Or is there another way to disable the http (not https) pages?

[Infopro]

Have a close look at your preferences here:

WHM > Tweak Settings > Redirection tab.

[kazimir82]

Have a close look at your preferences here:

WHM > Tweak Settings > Redirection tab.

Thanks, but exactly where do I find this? Not sure if I'm looking in the right place, my VPS is using WHM 11.28.83 on CENTOS 5.5 and I can't find the items you mentioned in the main WHM menu?

[Infopro]

Do you happen to have a reseller account on this VPS? If yes, your host may have disabled some features in your WHM.

For a peek at all the default settings in WHM, you might like to check out the Demo located here:
Demo - cPanel Inc.

[kazimir82]

Do you happen to have a reseller account on this VPS? If yes, your host may have disabled some features in your WHM.

Ehm, I'm not sure to be honest How do I tell?

Here's a screenshot of my WHM main page:
http://img825.imageshack.us/img825/9...screenshot.png

And the rest of the menu:
http://img714.imageshack.us/img714/5918/whmmenu.png

Is there anything missing that should be there?

[Infopro]

Lots. You have a limited access account (or Reseller) to WHM. This is why you can't find the Tweak Settings options.

It's easy to compare, open up the WHM demo I've linked you to in one browser and open your WHM in another and take a look.

[kazimir82]

Lots. You have a limited access account (or Reseller) to WHM. This is why you can't find the Tweak Settings options.

It's easy to compare, open up the WHM demo I've linked you to in one browser and open your WHM in another and take a look.

Sorry if I seem blind or retarded but I can't find it there either..? You are referring to the first one, right? ("Root and Reseller Admin Panel", i.e. this or this)

If I go there and search for Tweak or Redirect it doesn't seem to be there?

[Infopro]

My apologies, the account in the Demo is restricted a bit as well. Attached is what the full WHM side menu looks like, for root user. A Reseller account can have access to this section you dont have, but only if root user says so.

[kazimir82]

My apologies, the account in the Demo is restricted a bit as well. Attached is what the full WHM side menu looks like, for root user. A Reseller account can have access to this section you dont have, but only if root user says so.

Aah OK, all clear now

I will ask my host if they can enable these features for me. Thanks again!!

[Infopro]

Sure thing. Only one issue there, I don't believe you can add just the Tweak Settings page for a Reseller. To give access to that area you give access to lots more at the same time.

[cPanelTristan]

As a reseller, you won't be able to block ports 2082 and 2086 regardless as you won't have iptables access, CSF access (if installed) nor be able to change Tweak Settings. The reason for this being the case is that any changes you were to make in any interface or component would impact everyone on the machine.

If the provider does not want to block of 2082 and 2086 for the machine itself, you could simply ask them to block those ports on your IP provided you have your reseller user on a dedicated IP that the host is not sharing with other accounts that aren't part of your reseller account. It is possible in iptables to block ports on select IPs.

[kazimir82]

Thanks again Tristan, I've been in touch with them and they fixed it some other way in the end: they enforced SSL access on cPanel & WHM (don't know how/where but apparently this was something they could configure). So if I now browse to port 2082 or 2086 I get a cPanel / WHM page saying "SSL is required", with a link to the https version (on ports 2083 and 2087 respectively). No login information is being entered anymore in any unsecure connection. Which is good