The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED Prevent domain.com:2082 logins

Discussion in 'General Discussion' started by Krydos, Jul 18, 2017.

  1. Krydos

    Krydos Active Member

    Joined:
    Jun 2, 2012
    Messages:
    42
    Likes Received:
    4
    Trophy Points:
    58
    cPanel Access Level:
    Root Administrator
    I've searched around and I can't find an answer to this:

    Say my company website is company.com and each server is a subdomain like server1.company.com and server2.company.com. Say I'm a user and I have the domain example.com hosted on my cpanel account.

    The way we want people to be able to log into cPanel is through server1.company.com:2083 but some people have port 2083 blocked by their schools or work or country or whatever so we want cpanel.server1.company.com:80 to work too. We don't want example.com:2082 or example.com:2083 or cpanel.example.com:80 to work. If it doesn't have server1.company.com in the url we want it to redirect to server1.company.com:2083 unless they really really need to use port 80 in which case they can use cpanel.server1.company.com. Is there any way to do this?
     
    #1 Krydos, Jul 18, 2017
    Last edited by a moderator: Jul 19, 2017
  2. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    588
    Likes Received:
    88
    Trophy Points:
    153
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
  3. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    588
    Likes Received:
    88
    Trophy Points:
    153
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    You already have the ability to use your hostname for proxy URL's, you have to add the DNS manually(as far as I can tell) but if you look at apache conf:

    Code:
    RewriteEngine On
    RewriteCond %{HTTP_HOST} =autodiscover.server1.domain.com
    RewriteRule ^ http://127.0.0.1/cgi-sys/autodiscover.cgi [P]
    RewriteCond %{HTTP_HOST} =cpanel.server1.domain.com
    RewriteRule ^/(.*) /___proxy_subdomain_cpanel/$1 [PT]
    ProxyPass "/___proxy_subdomain_cpanel" "http://127.0.0.1:2082" max=1 retry=0
    RewriteCond %{HTTP_HOST} =webdisk.server1.domain.com
    RewriteRule ^/(.*) /___proxy_subdomain_webdisk/$1 [PT]
    ProxyPass "/___proxy_subdomain_webdisk" "http://127.0.0.1:2077" max=1 retry=0
    RewriteCond %{HTTP_HOST} =webmail.server1.domain.com
    RewriteRule ^/(.*) /___proxy_subdomain_webmail/$1 [PT]
    ProxyPass "/___proxy_subdomain_webmail" "http://127.0.0.1:2095" max=1 retry=0
    </VirtualHost>
    
    The rules are already there so just create the A Record for cpanel.server1.company.com whm.server1.company.com webmail.server1.company.com and you should be all set!
     
  4. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    588
    Likes Received:
    88
    Trophy Points:
    153
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    Sorry, I am trying to figure this out as I respond ;) so that config doesn't exist automatically.

    It exists because we install the SSL of the server hostname using WHM > Install an SSL Certificate on a Domain

    this way we can set it as the default SSL on shared IP's so none of our customers sites show when visiting https://serverip

    but it does work for your situation minus the fact you would need to purchase a seperate SSL for each proxy sub..subdomain.

    *Back to the drawing board =X
     
  5. Krydos

    Krydos Active Member

    Joined:
    Jun 2, 2012
    Messages:
    42
    Likes Received:
    4
    Trophy Points:
    58
    cPanel Access Level:
    Root Administrator
    You might be on to something! I always avoid manually editing the httpd.conf because cpanel. So my first thought was to try .htaccess in /usr/local/cpanel/base/frontend/paper_lantern/ but that doesn't work. Apparently cpanel doesn't support .htaccess there. Maybe if I edit that RewriteCond/RewriteRule section in httpd.conf I can get it to do what I want it to do. Then I would have to distill the httpd.conf to prevent the changes from being lost immediately...

    Update:

    So, that's only going to affect stuff like cpanel.example.com on port 80. It's not going to rewrite anything on port 2082 or 2083.
     
    #5 Krydos, Jul 18, 2017
    Last edited by a moderator: Jul 19, 2017
  6. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    588
    Likes Received:
    88
    Trophy Points:
    153
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    That wouldn't work just because that isn't a valid path in terms of a doc root, it wouldn't be referenced by Apache.

    If you wanted to write rules to affect all domains, you could use an include via the Include Editor:

    WHM > Service Configuration > Apache Configuration > Include Editor

    Would add it to a Pre VirtualHost Include which should make it take precedence over the rewrite rules cPanel uses for proxy subdomains since it should come before, but would need to test that a bit.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You could setup custom firewall rules that block or redirect access to ports such as 2083 and 2087 on the IP addresses associated with the domain names on the server. Then, setup the server's hostname so it resolves to an IP address not used by any other domain name. The following StackOverflow thread may help you to set this up:

    ConfigServer Security Firewall & port forwarding

    Thank you.
     
  8. Krydos

    Krydos Active Member

    Joined:
    Jun 2, 2012
    Messages:
    42
    Likes Received:
    4
    Trophy Points:
    58
    cPanel Access Level:
    Root Administrator
    Too funny!

    I just did exactly that. I use CSF and here is the rule I just wrote in csf.redirect:
    Code:
    *|2082|*|2083|tcp
    
    That takes any IP that connects with tcp on port 2082 and sends them to port 2083 where cpanel handles the redirects to https and changes the domain to the server1.company.com style I want to enforce. I came here to update my thread and found I had been beaten to it by a week. :)
     
    cPanelMichael likes this.
  9. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    588
    Likes Received:
    88
    Trophy Points:
    153
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    You can force all non encrypted cPanel ports to their secure port via WHM > Tweak Settings > Require SSL for cPanel Services

    so CSF isn't really needed but I guess whatever works :)
     
  10. Krydos

    Krydos Active Member

    Joined:
    Jun 2, 2012
    Messages:
    42
    Likes Received:
    4
    Trophy Points:
    58
    cPanel Access Level:
    Root Administrator
    I would love to block all of the non-secure ports, but there are way too many people who can't use encryption, or can't use any ports except 80/443, etc.
     
  11. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    588
    Likes Received:
    88
    Trophy Points:
    153
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    Well there are plenty of secure ports that do not utilize 443, but even still, you can force anyone using 80 to use 443 with the same option in Tweak Settings.
     
Loading...

Share This Page