Host access control. OK to deny all except for my static IP?

Jelf

Member
Jun 26, 2016
24
3
53
Redmond
cPanel Access Level
Root Administrator
I run a web server that is hosted as a VPS and admittedly I am more of a casual admin. My server hosts web pages, php scripts, and static files (pdf, csv, etc). Anyone can access those items.

I am the only user with access to SSH, cpanel, whm, email, etc.

Lately I have been learning how to improve security and as part of that process I have been reading up on Host Access Control.
I am only going to do sys admin stuff from my home office which has a static IP.

Is there any downside to allowing my static IP and my server IP and denying all other IPs for all the services listed under the Host Access Control? Any surprises waiting to jump out and bite me if go ahead and do this?
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,974
921
313
cPanel Access Level
Root Administrator
Hey there! That seems like a good plan to me. If you are the only one accessing the WHM or cPanel tools you could restrict the access to those services to your local IP address. As long as that's a static IP, I wouldn't expect you to run into any odd issues.
 
  • Like
Reactions: Jelf

Jelf

Member
Jun 26, 2016
24
3
53
Redmond
cPanel Access Level
Root Administrator
Here is an update.
After I set cPanel to only allow my local IP, many cPanel features did not work.
Instead I saw an error message about authorization.

The solution was to also allow a range of IPs (69.195.126.*) used by Bluehost which is my service provider.