Host access control. OK to deny all except for my static IP?

Jelf

• January 31, 2021 18:03

I run a web server that is hosted as a VPS and admittedly I am more of a casual admin. My server hosts web pages, php scripts, and static files (pdf, csv, etc). Anyone can access those items. I am the only user with access to SSH, cpanel, whm, email, etc. Lately I have been learning how to improve security and as part of that process I have been reading up on Host Access Control. I am only going to do sys admin stuff from my home office which has a static IP. Is there any downside to allowing my static IP and my server IP and denying all other IPs for all the services listed under the Host Access Control? Any surprises waiting to jump out and bite me if go ahead and do this?

• 

  cPRex Jurassic Moderator

  • February 01, 2021 14:21

  Hey there! That seems like a good plan to me. If you are the only one accessing the WHM or cPanel tools you could restrict the access to those services to your local IP address. As long as that's a static IP, I wouldn't expect you to run into any odd issues.

  0
• 

  Jelf

  • February 01, 2021 15:07

  Thanks Maybe other single-user admins like me will see this and realize this is a good way to tighten up security on their server.

  0
• 

  Jelf

  • February 09, 2021 16:21

  Here is an update. After I set cPanel to only allow my local IP, many cPanel features did not work. Instead I saw an error message about authorization. The solution was to also allow a range of IPs (69.195.126.*) used by Bluehost which is my service provider.

  0
• 

  cPRex Jurassic Moderator

  • February 09, 2021 17:38

  There is always the risk of making things too restricted, but I'm glad you were able to track that down and get the issue resolved.

  0
• 

  saman1

  • May 17, 2022 12:56

  i allowed my current ip and blocked all now i don't have access HTTP error 401 You do not have permission to access this page. what should i do with knowing that my ip is correct and no one else need access is that right that i should allow my server ip or hosting company ip too? now what should i do please s o s

  0
• 

  cPRex Jurassic Moderator

  • May 17, 2022 15:19

  @saman1 - I would start by removing that restriction and then seeing if you still experience that error. If so, then you can be sure it is a firewall configuration issue. If not, there is likely something else causing the 401.

  0
• 

  saman1

  • May 17, 2022 17:14

  someone had disabled ssh so when i asked the master to give me access he started arguing that i myself have hacked the server so that i argue against them and i ran out

  0

Please sign in to leave a comment.