The Community Forums

DNSonly force secure connection

Discussion in 'Security' started by ManuelT, Oct 19, 2010.

  1. ManuelT

    ManuelT Well-Known Member

    Hi,

    I'm looking for a way to force the use of secure access to WHM on DNSonly. This is trivial in the full version, as it's a simple tick box under Tweak Settings, but I can't see any way in DNSonly.

    TIA.
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    If this is Linux, you could use iptables to block off 2086 in the firewall. Actually, on a DNS only machine, it's better to restrict all the ports entirely other than those you need. Since those boxes don't typically run Apache, email, MySQL and so on, there's no need to have a ton of ports opened.

    To restrict a port, you can do:

    Code:
    /sbin/iptables -I INPUT -p tcp -m tcp --dport 2086 -j DROP

    This will drop port 2086 for the INPUT (incoming) chain on TCP.

    After adding the rule and ensuring it does what you want it to do, you can then save it:

    Code:
    service iptables save

    Of note, since cpsrvd looks on port 2086 for the chkservd monitoring service check, this is going to cause a failure, so you would have to shut off monitoring in Service Manager for it. I did try switching cpsrvd to 2087 for the check, but it then fails with other errors.

    If you prefer not to block the port, the other option is to try to set up a redirection for it instead to port 2087. I do agree it would be very nice to have this option in the DNS only product.
     
  3. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Try setting the following directive in /var/cpanel/cpanel.config:

    Code:
    requiressl=1

    Then restart cPanel:

    Code:
    # /usr/local/cpanel/startup
     
  4. ManuelT

    ManuelT Well-Known Member

    Thanks for the help guys.

    Don's version seems closest and easiest to what I'm after, so I'm using that, but I'll add the feature to the request list.
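
A check for the two measures suggested in this thread (`requiressl=1` in cpanel.config, or a DROP rule for port 2086), added here as an example and not posted by any participant. It assumes cpanel.config is plain key=value lines and reads firewall rules in iptables-save format; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumption: cpanel.config holds plain key=value lines.
# Limitation: only rules that name the port are read; chain policy is not modelled.

# requiressl_state FILE -> enforced | disabled | missing | ambiguous
requiressl_state() {
    vals=$(sed -n 's/^[[:space:]]*requiressl[[:space:]]*=[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/p' "$1" | sort -u)
    case "$vals" in
        "") echo missing ;;     # key absent or only present in a comment
        1)  echo enforced ;;
        0)  echo disabled ;;
        *)  echo ambiguous ;;   # duplicate keys that disagree, or an unexpected value
    esac
}

# port_verdict RULES PORT -> target (DROP, ACCEPT, ...) of the first INPUT rule
# naming --dport PORT in iptables-save output; prints nothing if no rule names it.
port_verdict() {
    awk -v port="$2" '
        $1 == "-A" && $2 == "INPUT" {
            hit = 0
            for (i = 3; i < NF; i++) if ($i == "--dport" && $(i + 1) == port) hit = 1
            if (hit) for (i = 3; i < NF; i++) if ($i == "-j") { print $(i + 1); exit }
        }' "$1"
}

# audit_dnsonly CONFIG RULES -> exit 0 if either of the thread's two measures is in place
audit_dnsonly() {
    state=$(requiressl_state "$1")
    verdict=$(port_verdict "$2" 2086)
    echo "requiressl=$state port2086=${verdict:-no-rule}"
    [ "$state" = enforced ] || [ "$verdict" = DROP ] || [ "$verdict" = REJECT ]
}

# Constructed sample inputs, not taken from a real host.
demo() {
    d=$(mktemp -d)
    printf 'example_key=1\n# requiressl=1\nrequiressl=0\n' > "$d/weak.config"
    printf 'example_key=1\nrequiressl=1\n' > "$d/strict.config"
    printf '*filter\n-A INPUT -p tcp -m tcp --dport 2086 -j DROP\nCOMMIT\n' > "$d/drop.rules"
    printf '*filter\n-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT\nCOMMIT\n' > "$d/open.rules"
    audit_dnsonly "$d/weak.config" "$d/open.rules"   || echo "  -> plaintext WHM reachable"
    audit_dnsonly "$d/strict.config" "$d/open.rules" && echo "  -> forced to SSL by config"
    audit_dnsonly "$d/weak.config" "$d/drop.rules"   && echo "  -> plaintext port firewalled"
    rm -rf "$d"
}
demo
```

On a live host the inputs would be /var/cpanel/cpanel.config and the saved output of `iptables-save`.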
     