SSL Not redirect IP to hostname? (only HTTPS)

nadav123

Well-Known Member
Mar 2, 2020
93
8
8
Orlando, FL
cPanel Access Level
Root Administrator
Hey, what's up, guys.
I have a wired issue :/

server hostname redirects HTTP://my-ip:2087 works fine and redirects to the hostname: server.locksmithunit.cat

BUT
HTTPS://my-ip:2087 does not redirect redirects to the hostname: server.locksmithunit.cat o_O

I found this as well:

And this too:
https://forums.cpanel.net/threads/your-connection-to-this-site-is-not-secure.629131/

but it sounds wired to me...
is a breach, if I see it like this, everybody can check my IP and gets to this insecure login page of my hostname (without SSL).

I sure cPanel aware to this and you have a way redirect that properly from the IP to the HOSTNAME with SSL.

OR I AM WRONG? AND CPANEL DID IT IN PORPOSE?
MAYBE THIS PAGE SECURE IN ANOTHER WAY?

Please help.
 

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
500
45
103
Houston, TX
cPanel Access Level
Root Administrator
Hello! Reaching the IP address via https won't work. It's not going to redirect properly since SSL certificates cannot be associated with IP addresses, but rather, domain names only.

Anyone who knows your IP address or server name can get to the WHM login. If someone has the hostname, they can simply do a DNS lookup and find the IP address it resolves to if needed. There simply isn't a practical way to completely hide your server's IP address.

You could, however, implement a solution like "host access control" to block out login attempts for WHM except for specific IP addresses.

 

nadav123

Well-Known Member
Mar 2, 2020
93
8
8
Orlando, FL
cPanel Access Level
Root Administrator
OK,
I got this page in WHM ( ATTACHED SCREENSHOT )
but what is the right "deamon" to block the login page?
and all other unsecured login pages.

if you can help me with the daemon name, i will put the allow and deny rules.

another question is:
it can damage something also? app running?
operation on the cloud?

(only asking just in case i will not damage something with the host access control)
 

Attachments

nadav123

Well-Known Member
Mar 2, 2020
93
8
8
Orlando, FL
cPanel Access Level
Root Administrator
Ok i think i got it, i gonna test it.
just in case i attached screenshot of what i did:
1635423369809.png

the first allow of whostmgrd is my IP
the second is deny any other one.

i see in the docs you send me the allow need to be before the deny rules.
tell me if i did it properly i gonna test it with a freind.

and thank you again,
is the second time you help me, very fast very clear answers.

Thank you :)