Restricting access to account and cgi-bin requests
Hello!
I have a cPanel account on WHM that will be used as our own little API for some crypto wallet transaction handling, so security is of utmost importance. The cPanel account has some cgi-bin scripts that need to be secured and, of course, the private key itself needs to be not accessible.
The whole idea is to host a webpage on the same WHM account on the same IP, just a different cPanel account, that would then make curl requests to the API account. I have already added
Require ip 75.xxx.yyy.aaa
And that really protects the cgi-bin directory but also seems to block requests from the other cPanel account. Looking at the API's access logs, it shows a completely different IP address.
How could I make it so that only that webpage or only requests from my WHM are accepted? Also, do you have any pointers on my architecture and security for handling sending users crypto from private wallets based on the website's logic?
Hey there! I did reach out to one of our developers to get more details on how the API may handle this, and I'll let you know (or he'll reply) soon!
I spoke with the developers about the API system, and it sounds like the first issue that needs to be resolved is finding out why the IP that was added isn't the one that the request is coming from. You can add multiple IPs to the require block as well if that would help solve the issue. I don't have any comments about the security aspect as that is a bit beyond cPanel's function, so any "best practices" you can find for that area of security should be applied if possible.
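Added example (not part of the thread and not cPanel's code): one way to find out which address the blocked requests really come from is to list the clients that received a 403 on /cgi-bin/ paths in the API account's access log. It assumes Apache's "combined" log format; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: show which client IPs Apache rejected (403) on /cgi-bin/ requests,
# with their user agent, so the address the sibling account connects from can be
# told apart from unrelated clients before it is added to "Require ip".

# Constructed sample log, Apache "combined" format, documentation-range IPs.
sample_log() {
cat <<'EOF'
203.0.113.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/send.cgi HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "POST /cgi-bin/send.cgi HTTP/1.1" 403 199 "-" "curl/8.0"
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "POST /cgi-bin/send.cgi HTTP/1.1" 403 199 "-" "curl/8.0"
192.0.2.44 - - [01/Jan/2024:10:01:00 +0000] "GET /cgi-bin/balance.cgi HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
EOF
}

# denied_cgi_clients [LOGFILE...]
# Reads the given log files (or stdin) and prints "count ip user-agent" for
# every 403 response on a /cgi-bin/ path, most frequent first.
denied_cgi_clients() {
    awk '
        # $1 = client IP, $7 = request path, $9 = HTTP status
        $9 == 403 && $7 ~ /^\/cgi-bin\// {
            split($0, q, "\"")      # q[6] is the quoted User-Agent field
            n[$1 " " q[6]]++
        }
        END { for (k in n) print n[k], k }
    ' "$@" | sort -rn
}

# Demo on the constructed sample; on a real server pass the account's access log.
sample_log | denied_cgi_clients
```

In the sample, the repeated curl requests from 198.51.100.7 are the candidate to add alongside the existing address, as the reply above suggests; the browser hit from 192.0.2.44 should stay blocked.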
Thank you! Might need to contact our VDS provider about the IP issue.