The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel + GeoIP (.htaccess)?

Discussion in 'Security' started by kujoez, Dec 26, 2009.

  1. kujoez

    kujoez Member

    Joined:
    Jul 6, 2009
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    I was wondering if there is a way to put a .htaccess file that is used when somebody visits asite.com/cpanel or asite.com:2082? I currently only allow clients from 4 countries and would like to setup a whitelist using mod_geoip so that only users from these countries can login to cPanel. The reason being is a lot of users are signing up to my service from a proxy and then logging into cPanel with their normal IP. I know this won't completely resolve my issue but it's an added layer that they have to work around.
     
  2. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    I have setup what you are asking many many times and I will be glad to give you all my code and tweaks on this freely and even give you a hand if you need some help ...

    I am busy at the moment in another window but I'll come back once I get a few free moments and post some information that might help you.
     
  3. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    I am back. Just had a few things to clear off my desk ....

    I would presume you already know how to install GEOIP including the
    "C Library" and the "Apache Module" and country database from your
    comments above so I will skip those instructions.

    Regarding "GEOIP Whitelists" ....

    The following is a WHITELIST configuration that you can adapt as you need allowing access by COUNTRY or CONTINENT and you just simply need to insert the correct country or continent codes in line:
    Code:
    <IfModule mod_geoip.c>
        SetEnvIf GEOIP_COUNTRY_CODE (US|CA|UK|GB|IE|AU|NZ|PH|NL|MX|EG|IN) AllowCountry
        SetEnvIf GEOIP_CONTINENT_CODE (EU|NA) AllowContinent
    </IfModule>
    
    <Files *>
    Order Deny,Allow
    Allow from 127.0.0.1
    Allow from env=AllowCountry
    Allow from env=AllowContinent
    Allow from All
    </Files>
    
    Regarding for /cpanel and :2082 connections:

    A cheesy but effective way to restrict using the above is to setup the above in the Apache config for Cpanel / WHM (preferred) or drop an .htaccess in the program folder (gets wiped too often and need to enable support for the .htaccess there). Alternatively, you can enable the GeoIP option in Chirpy's CSF firewall if you are running that though my experience with that particular option is it's still a little bit buggy but is another approach you can use to implement GEOIP based restrictions against the Cpanel / WHM service ports as well.

    Like I said above though, be glad to give you a hand if the above doesn't point you in the write direction but hopefully is helpful to you.
     
  4. kujoez

    kujoez Member

    Joined:
    Jul 6, 2009
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Sorry I'm just now getting back to this, for some reason my thread subscription to instantly e-mail me didn't save. :(

    If I put it in the apache config (httpd.conf right?) then that would block all sites on the server wouldn't it?
     
Loading...

Share This Page