Block all access to cPanel Except through WHM?
We own all the accounts and domains on our VPS, and there isn't a need to access cPanel outside of logging into WHM and then clicking on whichever user to login as.
We also don't want anyone to try to brute force each domain.com:2082 or each domain.com/cpanel etc.
Is this possible? Can you turn off all access to cPanel EXCEPT for logins through WHM?
If not, is the only solution to restrict to only our IPs? The problem there is when traveling, and we'd have to use noip.com and whitelist by hostname.
-
closing the ports in CSF should also achieve what you're after. did you try HAC to deny cpaneld Cpaneld All Deny 0 -
You wouldn't need to block by IP for host access control @keat63 has it correct The format is: service : IP address : action
cpaneld : ALL : Deny
This would disallow all IP's from accessing cPanel but not affect WHM accessWe could just use noip.com or similar dynamic DNS provider, and then whitelist 5 hostnames while denying all the others.
All hostnames must resolve to an IP address - so I don't see how this would work in the way you're thinking it would.0 -
You wouldn't need to block by IP for host access control @keat63 has it correct The format is:
service : IP address : action
cpaneld : ALL : Deny
This would disallow all IP's from accessing cPanel but not affect WHM access All hostnames must resolve to an IP address - so I don't see how this would work in the way you're thinking it would.
So I would still be able to login to WHM and be able to click the cP icon to login to a given user's cPanel account as them, even if denying cpaneld to all? As for noip.com... you download an app that keeps them constantly updated with your current IP, or you manually login to their backend and update it as needed. Then the myusername.noip.com hostname will always resolve to your current IP.0 -
So I would still be able to login to WHM and be able to click the cP icon to login to a given user's cPanel account as them, even if denying cpaneld to all?
No, you'd have to allow specific IP's that you want to be able to accessAs for noip.com... you download an app that keeps them constantly updated with your current IP, or you manually login to their backend and update it as needed. Then the myusername.noip.com hostname will always resolve to your current IP.
Not only would you still have to allow per IP address but you'd have to find a way to allow based on a hostname which I'm unaware of something that will do this. Most access control/firewalling is IP based not hostname based due to the fact that hostnames must resolve to an IP.0 -
No, you'd have to allow specific IP's that you want to be able to access Not only would you still have to allow per IP address but you'd have to find a way to allow based on a hostname which I'm unaware of something that will do this. Most access control/firewalling is IP based not hostname based due to the fact that hostnames must resolve to an IP.
CSF has a setting for DYNDNS Whitelisting a Dynamic IP in CSF " Kindly do the needful But what I really wanted to know was if there was alternative, without having to do it this way. I think this is what I'd have to do, as a VPN isn't really ideal for us.0 -
There isn't anything native to cPanel that will perform the function you're looking for in the way you're looking to do it. 0
Please sign in to leave a comment.
Comments
8 comments