cPHulk whitelist/blacklist precedence

dcusimano

• May 14, 2018 14:22

cPHulk has IP "Whitelist Management", IP "Blacklist Management" and "Countries Management". What is the relative precedence of these lists? What if an IP is on more than one of these lists? For example, if I whitelist an IP in a country (e.g.: Canada) and then blacklist the country Canada, would access from that IP be allowed? If Country has precedence, I don't see why I would whitelist an entire country. I am in Canada (my server is in USA), so I currently blacklisted all countries except USA and Canada, and whitelisted portions of my ISP's IP ranges. I left USA and Canada as "not specified".

• 

  linux4me2

  • May 14, 2018 21:38

  My understanding based on other threads here and the documentation for cPHulk is that if you whitelist an IP, you will be allowed to log in using that IP even if the country that IP belongs to is blacklisted. I'm basing that on the recommendation in the documentation that you whitelist your own IP in order not to get locked out by cPHulk with other settings. It seems like the order of precedence is whitelist -> blacklist -> country list.

  I am in Canada (my server is in USA), so I currently blacklisted all countries except USA and Canada, and whitelisted portions of my ISP's IP ranges. I left USA and Canada as "not specified".

  
  I believe that is correct for your situation.

  0
• 

  24x7server

  • May 15, 2018 06:25

  Hi,

  cPHulk has IP "Whitelist Management", IP "Blacklist Management" and "Countries Management". What is the relative precedence of these lists? What if an IP is on more than one of these lists?

  
  The whitelist configuration is referred first and then the blacklist configuration. This hold true for almost all configuration in Linux..

  0
• 

  cPanelLauren

  • May 15, 2018 17:49

  The answers provided here by @linux4me2 and @24x7server are both correct. Please let us know if you have any other concerns about this @dcusimano :) Thanks!

  0
• 

  dcusimano

  • May 16, 2018 20:58

  Okay, so a whitelisted IP/country has precedence over a blacklisted IP/country. Perhaps mention this precedence on the "cPHulk Brute Force Protection" webpage in WHM. Also, on the Whitelist/Blacklist/Countries Management tabs, perhaps highlight any whitelist/blacklist overlaps (either fully or partially overlap). For example, a blacklisted IP (or IP range) that is within a whitelisted country would have no effect and would be highlighted.

  0
• 

  cPanelLauren

  • May 17, 2018 13:30

  Hi @dcusimano I think that's great advice for improvement and I think it would be welcomed as a feature request. You can open one using the link in my signature. Once you do let us know so anyone viewing this thread can go to and vote for it. Thanks!

  0

Please sign in to leave a comment.