Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

What is the correct way to set up cPanel behind a firewall?

Discussion in 'General Discussion' started by Senor, Oct 1, 2008.

  1. Senor

    Senor Active Member

    Jun 12, 2007
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Say I have my router/firewall with external IP and internal IP of Also say I have my webserver running cPanel with an interal IP of

    First of all, is this recommended or should I have my cPanel box with the public IPs?

    Second, if it's ok to have it behind my router, what cPanel configuration changes do I need to make to ensure it will run properly? Assume I have all my port forwarding set up correctly on my router. Domains will still need to have DNS entries that match that of my public IP (, but Apache config files will need to have the internal ( IP, correct? What do I need to change to make sure this is all set up properly when I add a new domain.

    Also, with the "fix" of domains needing their own IP for SSL certificates, in a shared environment, would I then need to add additional IPs both to the public side of my router (ex: as well as my cPanel box (ex:

    I'm just curious what all I need to do to make cPanel function properly behind a firewall.

    Thanks in advance!

  2. brianoz

    brianoz Well-Known Member

    Mar 13, 2004
    Likes Received:
    Trophy Points:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    I guess if you really know what you are doing, you could put your cPanel box behind a firewall/router box but I can't think of any advantage in doing that.

    The normal approach is to make the cPanel IPs public and run something like CSF to add an additional layer of security. One specific advantage of running CSF over your native hardware firewall is that it has various smarts in it and will detect a lot of hack attempts and ban the hacker IP, thus limiting the time they have for security scans/breakin attempts.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice