Host access control. OK to deny all except for my static IP?

Jelf

Active Member
Jun 26, 2016
36
4
58
Redmond
cPanel Access Level
Root Administrator
I run a web server that is hosted as a VPS and admittedly I am more of a casual admin. My server hosts web pages, php scripts, and static files (pdf, csv, etc). Anyone can access those items.

I am the only user with access to SSH, cpanel, whm, email, etc.

Lately I have been learning how to improve security and as part of that process I have been reading up on Host Access Control.
I am only going to do sys admin stuff from my home office which has a static IP.

Is there any downside to allowing my static IP and my server IP and denying all other IPs for all the services listed under the Host Access Control? Any surprises waiting to jump out and bite me if go ahead and do this?
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,497
1,967
363
cPanel Access Level
Root Administrator
Hey there! That seems like a good plan to me. If you are the only one accessing the WHM or cPanel tools you could restrict the access to those services to your local IP address. As long as that's a static IP, I wouldn't expect you to run into any odd issues.
 
  • Like
Reactions: Jelf

Jelf

Active Member
Jun 26, 2016
36
4
58
Redmond
cPanel Access Level
Root Administrator
Here is an update.
After I set cPanel to only allow my local IP, many cPanel features did not work.
Instead I saw an error message about authorization.

The solution was to also allow a range of IPs (69.195.126.*) used by Bluehost which is my service provider.
 

saman1

Registered
May 17, 2022
2
0
1
san francisco
cPanel Access Level
Root Administrator
i allowed my current ip and blocked all now i don't have access
HTTP error 401

You do not have permission to access this page.

what should i do
with knowing that my ip is correct and no one else need access
is that right that i should allow my server ip or hosting company ip too?
now what should i do
please s o s