The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

What is the correct way to set up cPanel behind a firewall?

Discussion in 'General Discussion' started by Senor, Oct 1, 2008.

  1. Senor

    Senor Member

    Joined:
    Jun 12, 2007
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    Say I have my router/firewall with external IP 1.2.3.4 and internal IP of 10.0.0.1. Also say I have my webserver running cPanel with an interal IP of 10.0.0.2.

    First of all, is this recommended or should I have my cPanel box with the public IPs?

    Second, if it's ok to have it behind my router, what cPanel configuration changes do I need to make to ensure it will run properly? Assume I have all my port forwarding set up correctly on my router. Domains will still need to have DNS entries that match that of my public IP (1.2.3.4), but Apache config files will need to have the internal (10.0.0.2) IP, correct? What do I need to change to make sure this is all set up properly when I add a new domain.

    Also, with the "fix" of domains needing their own IP for SSL certificates, in a shared environment, would I then need to add additional IPs both to the public side of my router (ex: 1.2.3.5) as well as my cPanel box (ex: 10.0.0.3)?

    I'm just curious what all I need to do to make cPanel function properly behind a firewall.

    Thanks in advance!

    Jay
     
  2. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    I guess if you really know what you are doing, you could put your cPanel box behind a firewall/router box but I can't think of any advantage in doing that.

    The normal approach is to make the cPanel IPs public and run something like CSF to add an additional layer of security. One specific advantage of running CSF over your native hardware firewall is that it has various smarts in it and will detect a lot of hack attempts and ban the hacker IP, thus limiting the time they have for security scans/breakin attempts.
     
Loading...

Share This Page