The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Firewall Exceptions For cPanel Server

Discussion in 'Security' started by Loneweaver, Jul 8, 2017.

Tags:
  1. Loneweaver

    Loneweaver Member

    Joined:
    Nov 30, 2016
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Botswana
    cPanel Access Level:
    Root Administrator
    Hi all

    I'm kind of struggling with setting up my cPanel server due to our strict network security standards. We currently have a live website that is hosted on cPanel and we occasionally run into problems due to our network firewall blocking some of the traffic.

    I have raised several tickets with cPanel Support but it looks like they are not willing to assist due to our strict requirements. Some of these requirements are as follows.

    1. cPanel License and Repository IPs: We cannot grant the server full access to the internet (even though it's in our DMZ). We have to specify a range of IPs that the server has to access. This has caused us issues become the server has to access cPanel servers for license validations and downloading repositories. What we asked from cPanel, which we obviously did not get, was for them to provide the IPs that host these required services (License, Repos). If there's anyone in this forum who has faced similar issues or with information about these IPs, please assist.

    2. cPanel Support IPs: Our security policy is that we only allow specific IPs access to the server via SSH.

    3. IPs needed for Installation: We are also setting up a new environment and struggling with installation due to reluctance of cPanel to provide us with IPs that the server needs to connect to doe the installation to complete without errors. Currently the installation process would halt half way due to the firewall blocking some of the connections which are not exempted in the policy
     
  2. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    260
    Likes Received:
    76
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    It seems to me that you are blaming cPanel support for failing to support you with a security configuration that may in fact not be compatible with how cPanel works. I can see no other reason for cPanel being unable to assist you.

    CSF (free) will provide you with both an easy way to configure your firewall, and comes with the files of IPs that cPanel requires to be whitelisted for full functionality.

    You may find the following documentation helpful:

    How to Configure Your Firewall for cPanel Services - cPanel Knowledge Base - cPanel Documentation
    Grant cPanel Support Access - Documentation - cPanel Documentation
     
    Infopro likes this.
  3. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    990
    Likes Received:
    1
    Trophy Points:
    168
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    I cannot see why you would want to use cPanel in such a strict environment. Needless to say, simply ask cPanel which IP addresses you need to whitelist in your firewall to allow access to / from their servers.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,086
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @Loneweaver,

    The following document is available to help you to configure your firewall:

    How to Configure Your Firewall for cPanel Services - cPanel Knowledge Base - cPanel Documentation

    As far as which cPanel update server IP addresses to whitelist, you can find a recent list of mirrors by running a command like this on your system:

    Code:
    dig +short httpupdate.cpanel.net
    For the license servers, you can use a similar command:

    Code:
    dig +short auth.cpanel.net
    A list of IP addresses used by our Technical Support Department is available at:

    Grant cPanel Support Access - Documentation - cPanel Documentation

    Let us know if you have any additional questions.

    Thanks!
     
Loading...

Share This Page