Block all access to cPanel Except through WHM?

satoo

Member
Feb 18, 2010
10
0
51
We own all the accounts and domains on our VPS, and there isn't a need to access cPanel outside of logging into WHM and then clicking on whichever user to login as.

We also don't want anyone to try to brute force each domain.com:2082 or each domain.com/cpanel etc.

Is this possible? Can you turn off all access to cPanel EXCEPT for logins through WHM?

If not, is the only solution to restrict to only our IPs? The problem there is when traveling, and we'd have to use noip.com and whitelist by hostname.
 

keat63

Well-Known Member
Nov 20, 2014
1,963
267
113
cPanel Access Level
Root Administrator
Host Access Control, can control access to the following services.
  • cPanel (cpaneld)
  • WHM (whostmgrd)
  • Webmail (webmaild)
  • Web Disk (cpdavd)
  • FTP (ftpd)
  • SSH (sshd)
  • SMTP (smtp)
  • POP3 (pop3)
  • IMAP (imap)

Host Access Control - Version 68 Documentation - cPanel Documentation

Just make sure that you whitelist yourself before adding any block rules.

In brief:

In the boxes type:
All
Your IP (or range of IP's)
Allow

To deny cpanel access type:

Cpaneld
All
Deny

Make sure any deny rules appear after the allow rules.
I VPN in to my local domain server to get around the travelling thing.
 

satoo

Yeah, I'm aware of Host Access Control. What I'm asking is... is the ONLY solution to block by IP? The problem with that is there might be 5 IPs which need access to WHM, and they're not all static IPs. It presents a whitelisting annoyance if we block all other IPs. We could just use noip.com or similar dynamic DNS provider, and then whitelist 5 hostnames while denying all the others. I'm asking if there's any alternative to that, like to simply block port 2082/2083 and /cpanel ...while still retaining the ability to login via WHM.
 

keat63

Closing the ports in CSF should also achieve what you're after.
Did you try HAC to deny cpaneld?

Cpaneld
All
Deny
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,304
363
Houston
You wouldn't need to block by IP for host access control; @keat63 has it correct.

The format is:
Code:
 service : IP address : action
Code:
cpaneld : ALL : Deny
This would disallow all IPs from accessing cPanel but not affect WHM access.

> We could just use noip.com or similar dynamic DNS provider, and then whitelist 5 hostnames while denying all the others.

All hostnames must resolve to an IP address - so I don't see how this would work in the way you're thinking it would.
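
The rule format and the ordering advice from the posts above, as an added example that is not part of the thread and not cPanel's code: a small Python model that parses `service : IP address : action` lines, evaluates a client IP against them, and flags allow rules placed after a blanket deny. It assumes first-match-wins evaluation with allow as the default when no rule matches; the addresses are constructed documentation ranges and the function names are hypothetical.

```python
import ipaddress

# Constructed rule sets in the thread's format; addresses are documentation ranges.
ALLOW_THEN_DENY = """
cpaneld : 203.0.113.0/24 : allow
cpaneld : 198.51.100.7 : allow
cpaneld : ALL : deny
"""
DENY_FIRST = """
cpaneld : ALL : deny
cpaneld : 198.51.100.7 : allow
"""

def parse_rules(text):
    """Return [(service, network or None for ALL, action)] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        # Split on the first and last colon so IPv6 sources survive intact.
        service, rest = line.split(":", 1)
        source, action = (p.strip() for p in rest.rsplit(":", 1))
        net = None if source.upper() == "ALL" else ipaddress.ip_network(source, strict=False)
        rules.append((service.strip().lower(), net, action.lower()))
    return rules

def decide(rules, service, client_ip):
    """Assumed model: the first matching rule wins; no match means allow."""
    ip = ipaddress.ip_address(client_ip)
    for svc, net, action in rules:
        if svc in (service, "all") and (net is None or ip in net):
            return action
    return "allow"

def shadowed_allows(rules):
    """Allow rules that can never match because 'ALL : deny' precedes them."""
    denied, dead = set(), []
    for svc, net, action in rules:
        if action == "allow" and svc in denied:
            dead.append((svc, str(net) if net else "ALL"))
        elif action == "deny" and net is None:
            denied.add(svc)
    return dead

if __name__ == "__main__":
    good, bad = parse_rules(ALLOW_THEN_DENY), parse_rules(DENY_FIRST)
    print([decide(good, "cpaneld", ip) for ip in ("203.0.113.50", "192.0.2.10")])
    print("unreachable allow rules:", shadowed_allows(bad))
```

Running the lint over a rule list before saving it catches the lockout case that the "whitelist yourself first" advice is meant to prevent.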
 

satoo

> You wouldn't need to block by IP for host access control; @keat63 has it correct.
>
> The format is:
> Code:
>  service : IP address : action
> Code:
> cpaneld : ALL : Deny
> This would disallow all IPs from accessing cPanel but not affect WHM access.
>
> All hostnames must resolve to an IP address - so I don't see how this would work in the way you're thinking it would.

So I would still be able to login to WHM and be able to click the cP icon to login to a given user's cPanel account as them, even if denying cpaneld to all?


As for noip.com... you download an app that keeps them constantly updated with your current IP, or you manually login to their backend and update it as needed. Then the myusername.noip.com hostname will always resolve to your current IP.
 

cPanelLauren

> So I would still be able to login to WHM and be able to click the cP icon to login to a given user's cPanel account as them, even if denying cpaneld to all?

No, you'd have to allow specific IPs that you want to be able to access.

> As for noip.com... you download an app that keeps them constantly updated with your current IP, or you manually login to their backend and update it as needed. Then the myusername.noip.com hostname will always resolve to your current IP.

Not only would you still have to allow per IP address, but you'd have to find a way to allow based on a hostname, and I'm unaware of anything that will do this. Most access control/firewalling is IP-based, not hostname-based, due to the fact that hostnames must resolve to an IP.
 

satoo

> No, you'd have to allow specific IPs that you want to be able to access.

> Not only would you still have to allow per IP address, but you'd have to find a way to allow based on a hostname, and I'm unaware of anything that will do this. Most access control/firewalling is IP-based, not hostname-based, due to the fact that hostnames must resolve to an IP.

CSF has a setting for DYNDNS: Whitelisting a Dynamic IP in CSF – Kindly do the needful

But what I really wanted to know was if there was an alternative, without having to do it this way. I think this is what I'd have to do, as a VPN isn't really ideal for us.