Firewall Exceptions For cPanel Server

Loneweaver

Member
Nov 30, 2016
18
1
3
Botswana
cPanel Access Level
Root Administrator
Hi all

I'm kind of struggling with setting up my cPanel server due to our strict network security standards. We currently have a live website that is hosted on cPanel and we occasionally run into problems due to our network firewall blocking some of the traffic.

I have raised several tickets with cPanel Support but it looks like they are not willing to assist due to our strict requirements. Some of these requirements are as follows.

1. cPanel License and Repository IPs: We cannot grant the server full access to the internet (even though it's in our DMZ). We have to specify a range of IPs that the server has to access. This has caused us issues become the server has to access cPanel servers for license validations and downloading repositories. What we asked from cPanel, which we obviously did not get, was for them to provide the IPs that host these required services (License, Repos). If there's anyone in this forum who has faced similar issues or with information about these IPs, please assist.

2. cPanel Support IPs: Our security policy is that we only allow specific IPs access to the server via SSH.

3. IPs needed for Installation: We are also setting up a new environment and struggling with installation due to reluctance of cPanel to provide us with IPs that the server needs to connect to doe the installation to complete without errors. Currently the installation process would halt half way due to the firewall blocking some of the connections which are not exempted in the policy
 

rpvw

Well-Known Member
Jul 18, 2013
1,101
465
113
UK
cPanel Access Level
Root Administrator
It seems to me that you are blaming cPanel support for failing to support you with a security configuration that may in fact not be compatible with how cPanel works. I can see no other reason for cPanel being unable to assist you.

CSF (free) will provide you with both an easy way to configure your firewall, and comes with the files of IPs that cPanel requires to be whitelisted for full functionality.

You may find the following documentation helpful:

How to Configure Your Firewall for cPanel Services - cPanel Knowledge Base - cPanel Documentation
Grant cPanel Support Access - Documentation - cPanel Documentation
 
  • Like
Reactions: Infopro

SoftDux

Well-Known Member
May 27, 2006
1,023
5
168
Johannesburg, South Africa
cPanel Access Level
Root Administrator
Hi all

I'm kind of struggling with setting up my cPanel server due to our strict network security standards. We currently have a live website that is hosted on cPanel and we occasionally run into problems due to our network firewall blocking some of the traffic.

I have raised several tickets with cPanel Support but it looks like they are not willing to assist due to our strict requirements. Some of these requirements are as follows.

1. cPanel License and Repository IPs: We cannot grant the server full access to the internet (even though it's in our DMZ). We have to specify a range of IPs that the server has to access. This has caused us issues become the server has to access cPanel servers for license validations and downloading repositories. What we asked from cPanel, which we obviously did not get, was for them to provide the IPs that host these required services (License, Repos). If there's anyone in this forum who has faced similar issues or with information about these IPs, please assist.

2. cPanel Support IPs: Our security policy is that we only allow specific IPs access to the server via SSH.

3. IPs needed for Installation: We are also setting up a new environment and struggling with installation due to reluctance of cPanel to provide us with IPs that the server needs to connect to doe the installation to complete without errors. Currently the installation process would halt half way due to the firewall blocking some of the connections which are not exempted in the policy
I cannot see why you would want to use cPanel in such a strict environment. Needless to say, simply ask cPanel which IP addresses you need to whitelist in your firewall to allow access to / from their servers.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello @Loneweaver,

The following document is available to help you to configure your firewall:

How to Configure Your Firewall for cPanel Services - cPanel Knowledge Base - cPanel Documentation

As far as which cPanel update server IP addresses to whitelist, you can find a recent list of mirrors by running a command like this on your system:

Code:
dig +short httpupdate.cpanel.net
For the license servers, you can use a similar command:

Code:
dig +short auth.cpanel.net
A list of IP addresses used by our Technical Support Department is available at:

Grant cPanel Support Access - Documentation - cPanel Documentation

Let us know if you have any additional questions.

Thanks!