Block ports 2082 and 2086 in cPanel/WHM ?

kazimir82

Member
Apr 15, 2011
14
0
51
On my VPS I have both unsecure (http) access to cPanel and WHM on ports 2082 and 2086, and secure (https) on 2083 and 2087.

Is it possible to disable the unsecure versions, so that no login & passwords are ever being transmitted in plaintext?

I guess blocking ports 2082 and 2086 would do the job, how/where can I do that? Or is there another way to disable the http (not https) pages?
 

kazimir82

Member
Apr 15, 2011
14
0
51
Have a close look at your preferences here:

WHM > Tweak Settings > Redirection tab.
Thanks, but exactly where do I find this? Not sure if I'm looking in the right place, my VPS is using WHM 11.28.83 on CENTOS 5.5 and I can't find the items you mentioned in the main WHM menu?
 

kazimir82

Member
Apr 15, 2011
14
0
51
Lots. You have a limited access account (or Reseller) to WHM. This is why you can't find the Tweak Settings options.

It's easy to compare, open up the WHM demo I've linked you to in one browser and open your WHM in another and take a look. ;)
Sorry if I seem blind or retarded ;) but I can't find it there either..? You are referring to the first one, right? ("Root and Reseller Admin Panel", i.e. this or this)

If I go there and search for Tweak or Redirect it doesn't seem to be there?
 

kazimir82

Member
Apr 15, 2011
14
0
51
My apologies, the account in the Demo is restricted a bit as well. Attached is what the full WHM side menu looks like, for root user. A Reseller account can have access to this section you dont have, but only if root user says so. ;)
Aah OK, all clear now :)

I will ask my host if they can enable these features for me. Thanks again!!
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
38
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
As a reseller, you won't be able to block ports 2082 and 2086 regardless as you won't have iptables access, CSF access (if installed) nor be able to change Tweak Settings. The reason for this being the case is that any changes you were to make in any interface or component would impact everyone on the machine.

If the provider does not want to block of 2082 and 2086 for the machine itself, you could simply ask them to block those ports on your IP provided you have your reseller user on a dedicated IP that the host is not sharing with other accounts that aren't part of your reseller account. It is possible in iptables to block ports on select IPs.
 

kazimir82

Member
Apr 15, 2011
14
0
51
Thanks again Tristan, I've been in touch with them and they fixed it some other way in the end: they enforced SSL access on cPanel & WHM (don't know how/where but apparently this was something they could configure). So if I now browse to port 2082 or 2086 I get a cPanel / WHM page saying "SSL is required", with a link to the https version (on ports 2083 and 2087 respectively). No login information is being entered anymore in any unsecure connection. Which is good :)