
IP-restricted WHM/cPanel access

Discussion in 'General Discussion' started by dennis00, Dec 28, 2004.

  1. dennis00

    dennis00 Member

    I would like to restrict access to cPanel/WHM and SSH to my own IPs.

    What's the best way to do this? Is this possible using SSH?
     
  2. richy

    richy Well-Known Member

    If you are using APF, you could remove the WHM/cPanel + SSH ports from the allowed port numbers and then put your static dedicated IP address into /etc/apf/allow_hosts.rules. This will mean no access will be granted to the WHM/cPanel/SSH ports except if you are coming from the IP address listed in allow_hosts (IPs listed there can access any port on the server).
     
  3. checksoft

    checksoft Well-Known Member

    Let me jump in and say that's helpful to me as well. I am new to APF having just installed the latest version. Maybe you can help me figure this out. (At this time, Dev. Mode is set to 1)

    Lots of lines in the files come commented out. For example, every line in allow_hosts is commented out. I guess this means the firewall will allow all traffic in its default state.

    I added a lot of TCP_CPORTS to the conf file: IG_TCP_CPORTS="21,22,25,26,53,80,110,143,443,2082,2083,2086,2087,2095,2096"

    and left UDP_CPORTS as is, mainly because I'm at a loss for figuring it out:
    # Common ingress (inbound) UDP ports
    IG_UDP_CPORTS=""

    The documentation is good, but is lacking for neophytes I think. For example, I need to set up rules so my backup IP can be accessed through the firewall to allow FTP and FTP-DATA to xx.xx.xx.xx. Also I must open the firewall for TCP/UDP ports xxx, xxx, xxx, and xxx to xx.xx.xx.xx. How do I do this?

    Any tips are most welcome!

    Thanks
     
  4. fikse

    fikse Well-Known Member

    Here is an example... in your allow_hosts.rules file:

    This will allow FTP in from an IP address:

    tcp:in:d=21:s=12.13.14.15


    Just make sure in your main apf.conf file you don't have FTP open for everyone..... so in this line:

    IG_TCP_CPORTS="22"

    port 21 should NOT be listed....
     
  5. checksoft

    checksoft Well-Known Member

    Thanks for the info. However, since I operate a shared hosting server, if I do not list port 21, won't that deny access to those with sites on the server?
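
Added example, not part of any post in this thread: a small Python audit of the APF setup richy and fikse describe, reporting whether each admin port is open to everyone through IG_TCP_CPORTS, restricted to sources in allow_hosts.rules, or closed. The admin-port set, the function names and the sample addresses are assumptions made for the example.

```python
# Assumption: SSH (22), cPanel (2082/2083) and WHM (2086/2087) are the admin ports.
ADMIN_PORTS = {22, 2082, 2083, 2086, 2087}

def parse_cports(conf_text, key="IG_TCP_CPORTS"):
    """Ports open to everyone: the KEY="..." list in apf.conf text."""
    ports = set()
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith(key + "="):
            value = line.split("=", 1)[1].strip().strip('"')
            for item in filter(None, value.split(",")):
                lo, _, hi = item.partition("_")  # APF writes ranges as low_high
                ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_allow_rules(rules_text):
    """Return (trusted_hosts, {port: [sources]}) from allow_hosts.rules text."""
    trusted, per_port = [], {}
    for line in rules_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(":")
        if len(parts) == 1:
            trusted.append(line)  # bare address: allowed on every port
        elif len(parts) == 4 and parts[:2] == ["tcp", "in"]:
            (pflag, port), (aflag, addr) = (p.split("=", 1) for p in parts[2:])
            if (pflag, aflag) == ("d", "s"):  # d=local port, s=remote source
                per_port.setdefault(int(port), []).append(addr)
    return trusted, per_port

def audit(conf_text, rules_text, admin_ports=ADMIN_PORTS):
    """Map each admin port to ('public' | 'restricted' | 'closed', sources)."""
    public = parse_cports(conf_text)
    trusted, per_port = parse_allow_rules(rules_text)
    report = {}
    for port in sorted(admin_ports):
        sources = trusted + per_port.get(port, [])
        state = "public" if port in public else "restricted" if sources else "closed"
        report[port] = (state, [] if state == "public" else sources)
    return report

# Constructed sample input (documentation addresses, not from the thread).
SAMPLE_CONF = 'IG_TCP_CPORTS="21,25,26,53,80,110,143,443,2082,2083,2095,2096"\n'
SAMPLE_RULES = "# my office\n192.0.2.10\ntcp:in:d=22:s=198.51.100.7\n"

if __name__ == "__main__":
    for port, (state, sources) in audit(SAMPLE_CONF, SAMPLE_RULES).items():
        print(port, state, ", ".join(sources))
```

In the constructed sample, customer-facing ports such as 21 stay in IG_TCP_CPORTS while 22, 2086 and 2087 are reachable only from the listed sources.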
     