The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

TIP:Cpanel access from behind firewall

Discussion in 'General Discussion' started by sis3970, Mar 13, 2003.

  1. sis3970

    sis3970 Registered

    Joined:
    Dec 25, 2002
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Hi,

    I see this is a common problem for us webhosts that have a daytime job. I to work in the daytime from behind a dektop protected with a firewall blocking all but port 80.
    I found a workaround though.

    I installed a cgi-proxy on my main domain, password protected this, and used it to access Cpanel/WHM. Works great.

    You can find the script here.
    There is a autoinstaller wich works great, and takes about 10 seconds to complete here

    Kind regards,
    Sis

    _________________________________
    http://sisdesign.net
     
  2. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    Absolutely perfect. Nice find!!
     
  3. buabco

    buabco Member

    Joined:
    Jun 13, 2003
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    HI!

    I've followed the instructions above, and it worked fine, until I run it in a secure server, now it's painfully slow... anyone knows how to make it fast?
     
  4. thedavid

    thedavid Well-Known Member

    Joined:
    Nov 22, 2002
    Messages:
    124
    Likes Received:
    0
    Trophy Points:
    16
    We only use it for webmail - it's dreadfully slow otherwise. Tried both secure and non-secure and it just dragged. Other sites through the proxy work fine (be sure to limit the domains/hosts it can connect to before deploying though!)

    -David
     
  5. ThunderHostingDotCom

    ThunderHostingDotCom Well-Known Member

    Joined:
    Nov 18, 2002
    Messages:
    450
    Likes Received:
    1
    Trophy Points:
    16
    Location:
    All over!
    AWESOME, AWESOME! Now lets see if it works tomorrow behind the firewall. :D
     
  6. buabco

    buabco Member

    Joined:
    Jun 13, 2003
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    OK, some info on the CGI.

    It seems that it works very good if the page has little links and images, but is terribly slow if it has too much links or images.

    So it works fine with the webmail programs that uses little images, and it's slow with cpanel.

    I've noticed that if you ask the browser not to load images you can get a fast response, still it's better to use cpanel themes with less links.
     
  7. ThunderHostingDotCom

    ThunderHostingDotCom Well-Known Member

    Joined:
    Nov 18, 2002
    Messages:
    450
    Likes Received:
    1
    Trophy Points:
    16
    Location:
    All over!
    Thanks for the info. I will be testing this out tomorrow on site & will need to use it for webmail, cpanel & whm since all 3 ports have been blocked on that network.

    Questions about this script.
    1) Is this any more secure than basic http? I read somewhere that it is like a VPN connection. Is this true?
    2) Is this better or worse then just changing the iptables?
    3) Is there any way for an admin to block the ports I need access to now that I will use this script? I guess only if they block me from running the script right?


    EDIT: Works great!
     
    #7 ThunderHostingDotCom, Jan 26, 2004
    Last edited: Jan 30, 2004
  8. blaze64

    blaze64 Well-Known Member

    Joined:
    Feb 5, 2003
    Messages:
    159
    Likes Received:
    0
    Trophy Points:
    16
    Bummer... It won't work with WHM :(
     
  9. buabco

    buabco Member

    Joined:
    Jun 13, 2003
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    IT does work with WHM, just as I said its SLOW, so give it time.

    its not like a VPN connection since all you do basically is run a script that will do the internet connection for you, in other words what you do is make the server do the web browsing :)

    It's slow since the script has to change all the links in a web page and that requires a lot of processing.

    THe fun part is that since you are running it from your own sever you are not affected by the server firewall.

    In my case, I've blocked the nonscure ports of CPANEL forsing all my customers to use HTTPS.... still I can access this ports from the proxy script.
     
  10. blaze64

    blaze64 Well-Known Member

    Joined:
    Feb 5, 2003
    Messages:
    159
    Likes Received:
    0
    Trophy Points:
    16
    You are correct! I guess my patience wasn't there. But it does work... just have to allow 10-15 seconds before it pulls the content. It seems to be very slow, but does not increase the server load (much).

    Very nice! Works 100%.
     
  11. zappz

    zappz Well-Known Member

    Joined:
    Dec 8, 2003
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
  12. blaze64

    blaze64 Well-Known Member

    Joined:
    Feb 5, 2003
    Messages:
    159
    Likes Received:
    0
    Trophy Points:
    16
    I tried that one.... no luck. But I think it was a config issue on my end because it kept sending me to odd URL's.....
     
  13. maverick

    maverick Well-Known Member

    Joined:
    Jan 6, 2003
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    I hope the Cpanel developers are taking note of this thread. With the imminent release of Windows XP SP2, it seems possible that a lot more users won't be able to access Cpanel without us all having to install a cgi-proxy.

    It would seem rational that it should be a high priority for the Cpanel developers to get port 80 access for Cpanel/WHM to be built-in and preferably the default.

    I suspect that reliance on non-standard ports will not be viable for Cpanel/WHM in the long term.

    Mav.
     
    #13 maverick, Mar 7, 2004
    Last edited: Mar 11, 2004
  14. blaze64

    blaze64 Well-Known Member

    Joined:
    Feb 5, 2003
    Messages:
    159
    Likes Received:
    0
    Trophy Points:
    16
    This would actually be a pretty easy fix for the developers here. It's just a matter if they take note and care.......
     
  15. lindoughs

    lindoughs Registered

    Joined:
    Mar 10, 2004
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    New Caledonia
    Thats simply not true, suggest you do some reading on how firewalls in general work :)
     
  16. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider

    SP2 Blocks incoming connections, not outgoing ones. That would just be plain silly. It would break tons of things.


    From MS:
    IPv4 outbound connections
    Description

    For typical consumer and office computers, very little network traffic is unsolicited. Windows Firewall considers outbound traffic and the corresponding responses to be the components of outbound connections. All outbound connections are automatically allowed by Windows Firewall. For more information about what network traffic Windows Firewall allows as part of Transmission Control Protocol (TCP) and User Data Protocol (UDP) outbound connections, see Notes, below.

    Action Required

    None. Windows Firewall will automatically allow all outbound connections, regardless of the program and the user context.

    More Info at:
    http://msdn.microsoft.com/security/productinfo/XPSP2/networkprotection/firewall_devimp.aspx
     
  17. maverick

    maverick Well-Known Member

    Joined:
    Jan 6, 2003
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    Thank you for confirming that for me, Nick - much appreciated.

    I guess my paranoia derived from the fact that whenever a corporation/institution installs a firewall the first thing to go are things like Cpanel access (this would still be the greatest complaint we receive from our customers - inability to access Cpanel/Webmail from work). It would also seem that a substantial proportion of internet cafes, public wireless networks etc also prohibit access to ports 2080-2099 (incoming and outgoing). From this observation (admitedly not understanding the real details of firewalls or being able to find a good description of what MS's new ICF was exactly going to do), I was concerned that this was to be the default state of Windows once SP2 was installed.

    Anyway, thanks again everyone for your comments.

    Mav.
     
  18. jdean

    jdean Registered

    Joined:
    Apr 9, 2004
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    I tried this and it works fine for one of my cPanels (slow, but it works), but the other one is with a different service provider and it times out before the cPanel can display. Any suggestions?
     
  19. Solokron

    Solokron Well-Known Member

    Joined:
    Aug 8, 2003
    Messages:
    849
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Seattle
    cPanel Access Level:
    DataCenter Provider
    I would love to see a php version of this as cPanel Proxy does not quite cut it, especially on systems with phpsuexec.
     
  20. projectandrew

    projectandrew Well-Known Member

    Joined:
    Aug 27, 2003
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
Loading...

Share This Page