LinkBack URL
About LinkBacksI tried searching on Google and here but did not find a way to do this yet. Is it possible to restrict access to WHM by IP address? Only allowing IP's from my country/state and denying all other world IP's?
Thanks
Restrict WHM Access by IP
I tried searching on Google and here but did not find a way to do this yet. Is it possible to restrict access to WHM by IP address? Only allowing IP's from my country/state and denying all other world IP's?
Thanks
One way I can think of doing this is using Host Access Control in the WHM interface.Originally Posted by LGRCompEnt
In case you lock yourself out accidentally, realize this is just a GUI for /etc/hosts.allow and /etc/hosts.deny
You can also do this in the firewall access list such as APF
Locking down CPanel / WHM
Hi,
I would like to be able to lock down all CPanel / WHM accesses having root priviledges by limiting access to specific IP addresses.
Most solutions I've seen posted online are either vague or involve configuring firewall rules, which I'm guessing will apply to ALL cpanel / WHM accesses on that server instead of only the root CPanel/WHM accesses. I would be particularly interested in a solution implemented at the application level instead of the server configuration level. So any advice on this would be much appreciated!
Thanks.
Hello,
I'm looking for the same solution, to limit root access to whm just to a specific IP/subnet. No luck yet. Any advice would be greatly appreciated.
Thank you!
You can do this in Host Access Control area in WHM. It's the easier way to do it and pretty straightforward to setup.
Simply put the following into WHM > Host Access Control area:
The allow line(s) must be above the deny ones or else you will block yourself out of WHM on the machine and need to edit /etc/hosts.allow in root SSH to unlock WHM. You can put a range for the IP section as well, so 74.74.74.0/24 if your IP were in the 74.74.74.1-74.74.74.254 range. If you had an even larger dynamic range, you could do 74.74.0.0/16 to handle it where 74.74 is the first two octets of the IP range.Code:Daemon Access List Action Comment whostmgrd YourIP allow whostmgrd all deny
Hello,
Thank you for your answer.
And this should restrict the access to whm ONLY for root?
I don't want the other users/resellers to be affected.
No, it will restrict WHM access period. You will need to add the IPs for the Resellers in Host Access Control for them to access WHM.
I don't know what other users you mean here. It doesn't restrict cPanel access, only WHM, and the only kinds of users that exist for WHM access are root and Reseller (even a Reseller with root privileges is still a Reseller user as the user is setup in Reseller Center, which by definition makes them a Reseller).
Last edited by Miraenda; 07-08-2010 at 07:37 AM.
Thank you, this is the answer I was looking for! So there isn't a solution for what I want. I am new to cpanel/whm and used to Plesk, wich has feature called "Control Panel Access". Well, ok, thank you for clarifying, have a nice day!
You're welcome and I'm sorry that the existing options for Host Access Control don't allow this functionality.
This issue looks like it will be best addressed by the Security Policy functionality we are introducing in 11.26 (currently designated 11.25.1).
You can monitor the progress of this implementation at http://go.cPanel.net/progress
Thank you for the info. I see horde will be upgraded too, wich is greati was waiting for this new look of it.
As of "11.25.0-RELEASE_46156" Host Access Control does not support CIDR notations. Netmasking only.
Hence 74.74.0.0/16 -> 74.74.0.0/255.255.0.0
For this I would also recommend adding the following option and store security questions and answers as encrypted values or have the ability to disable this option. As the secret question is now becoming a problem due to it being the same thing for many services and easier to guess by social engineering then a password is now.
New security feature(s):
1. When a user logs in check their IP address, if it is not on a whitelist that the user has setup send an email to their email account with a description of the login and a link to add that IP to their whitelist. But only show this after the proper credentials have been used (username and password).
Example:
2. Have a list of cPanel,WHM, FTP, SFTP/SSH logins in the Security Center (label it Login Logs) for the system administrators. Maybe having an option to clear the logs after x amount of months but nothing set by default.Attention [username],
An attempt to login to your account from the following address was not allowed due to the address not being on your whitelist.
IP:
1.2.3.4
Hostname:
4.2.3.1.hostname.com
To authorize the IP to login to your account please use the following link:
https://example.com:2083/authorize/k...21B54E8D1F1AC6
If this is an unauthorized iP please contact support and report the issue.
3.For the clients cPanel allow them to view all logins to their account and not prune these records.
If these logs are large, add the ability to have a cron run at regular intervals to query this information and store it in a database.
Last edited by TheHeartSmasher; 07-21-2010 at 04:42 PM.
Important cPanel/WHM Version Number Designation Change
Please Note: Important cPanel/WHM Version Number Designation Change
As of July 28, 2010 the cPanel/WHM version number designations have been officially changed.
Version 11.25.1 is now designated 11.28 and version 11.25.2 is now designated 11.30.
These new changes were explained in some detail recently at the July 2010 - Quarterly Road map - Webinar direct from cPanel's PodCast Studio in Houston, Texas with speakers David Grega and Mario Rodriguez.
An official press release about these changes is forthcoming and can be accessed at this link as soon as it's made available to the Forum Team:
Important cPanel/WHM Version Number Designation Change (To be updated)
This post serves to update users who are subscribed to threads (where this message is posted) looking forward to upcoming enhancements in future versions of cPanel.
Reply With Quote