Restrict WHM to a specific computer

[GoWilkes]

Is there a way to restrict WHM, SSH, and FTP to approved computers? Not by IP, but by installing a certificate on the computer or something?

I'm using mobile internet at home, and realized that my IP changes pretty much daily. Last week the range was 172.58.0.0/16, then yesterday morning it was 207.246.66.0/32, and then last night and today it’s 162.210.0.0/16. There's just no common variable, so I can't use Host Access Control.

 

[ZenHostingTravis]

I don't think it is possible.

 

[andrew.n]

If you use DynDNS or a provider like that which provides a hostname (subdomain) for your ever changing IP then it might be possible to restrict access by hostname(subdomain) instead of IP.

 

[cPRex]

I also don't have a good suggestion for this either. Host Access Control would be my recommendation, but if the IP address is that dynamic where it changes each day, that won't be a good option.

 

[GoWilkes]

DynDNS sounds like maybe the right direction... it's $50 /year, though, so not exactly ideal. But if nothing else works then that might be $50 now to save myself hours of headaches down the road...

 

[keat63]

I have this same issue, where my home IP is dynamic, however, my office IP is static.
So I created a VPN into the office, so now my home IP can be the same IP as the office (when I need it)
Then restrict access via HAC.

If you do go down the Host Access Control route, I would strongly suggest contacting your data centre and obtaining their IP addresses.
In the event that you somehow find yourself locked out, they will have a back door.

 

[ZenHostingTravis]

Shorewall can filter by MAC address and it looks like some users have tried to get it to work with cPanel, with some success.

 

[GoWilkes]

I'm making a poor-boy's workaround...

First, for each domain, I created this at /etc/apache2/conf.d/userdata/ssl/2_4/[account]/[domain.com]:

RewriteEngine on

RewriteCond %{REQUEST_URI} /(?:phpMyAdmin|cpanel|frontend|3rdparty|whm|configserver)/ [NC,OR]
RewriteCond %{SERVER_PORT} ^208[37]$

RewriteCond %{HTTP_COOKIE} !cookie_name=specific_value;
RewriteRule ^ - [F]

Then I created a PHP script in the /www/ directory that sets a persistent cookie with the corresponding name and value. After the appropriate device has loaded the cookie, I manually delete that script.

This doesn't restrict FTP, of course, and it's a little bit of work, but at least it adds another layer of security.