Restrict WHM to a specific computer

GoWilkes

Well-Known Member
Sep 26, 2006
616
25
178
cPanel Access Level
Root Administrator
Is there a way to restrict WHM, SSH, and FTP to approved computers? Not by IP, but by installing a certificate on the computer or something?

I'm using mobile internet at home, and realized that my IP changes pretty much daily. Last week the range was 172.58.0.0/16, then yesterday morning it was 207.246.66.0/32, and then last night and today it’s 162.210.0.0/16. There's just no common variable, so I can't use Host Access Control.
 

andrew.n

Well-Known Member
Jun 9, 2020
679
209
43
EU
cPanel Access Level
Root Administrator
If you use DynDNS or a provider like that which provides a hostname (subdomain) for your ever changing IP then it might be possible to restrict access by hostname(subdomain) instead of IP.
 
  • Like
Reactions: GoWilkes

GoWilkes

Well-Known Member
Sep 26, 2006
616
25
178
cPanel Access Level
Root Administrator
DynDNS sounds like maybe the right direction... it's $50 /year, though, so not exactly ideal. But if nothing else works then that might be $50 now to save myself hours of headaches down the road...
 
  • Like
Reactions: cPRex

keat63

Well-Known Member
Nov 20, 2014
1,916
263
113
cPanel Access Level
Root Administrator
I have this same issue, where my home IP is dynamic, however, my office IP is static.
So I created a VPN into the office, so now my home IP can be the same IP as the office (when I need it)
Then restrict access via HAC.

If you do go down the Host Access Control route, I would strongly suggest contacting your data centre and obtaining their IP addresses.
In the event that you somehow find yourself locked out, they will have a back door.
 
  • Like
Reactions: GoWilkes and cPRex

GoWilkes

Well-Known Member
Sep 26, 2006
616
25
178
cPanel Access Level
Root Administrator
I'm making a poor-boy's workaround...

First, for each domain, I created this at /etc/apache2/conf.d/userdata/ssl/2_4/[account]/[domain.com]:

Code:
RewriteEngine on

RewriteCond %{REQUEST_URI} /(?:phpMyAdmin|cpanel|frontend|3rdparty|whm|configserver)/ [NC,OR]
RewriteCond %{SERVER_PORT} ^208[37]$

RewriteCond %{HTTP_COOKIE} !cookie_name=specific_value;
RewriteRule ^ - [F]
Then I created a PHP script in the /www/ directory that sets a persistent cookie with the corresponding name and value. After the appropriate device has loaded the cookie, I manually delete that script.

This doesn't restrict FTP, of course, and it's a little bit of work, but at least it adds another layer of security.