Host Access Control
Overview:
- If you accidentally lock yourself out of WHM when you use this interface, edit the /etc/hosts.allow file through the command line to regain access.
- The Create Support Ticket interface (WHM >> Home >> Support >> Create Support Ticket) automatically adds cPanel Support’s IP addresses to the server’s /etc/hosts.allow file. For more information, read our Create Support Ticket documentation.
- We updated the Host Access Control interface for CentOS 8 users. For more information on CentOS 8, read our cPanel & WHM for CentOS 8 documentation.
cPanel & WHM version 92 for CentOS 8 and CloudLinux 8 is experimental software and is not recommended for production environments.
Use the Host Access Control interface to allow or deny (block) access to the following services for specific IP addresses:
- cPanel (cpaneld)
- WHM (whostmgrd)
- Webmail (webmaild)
- Web Disk (cpdavd)
- FTP (ftpd)
- SSH (sshd)
- SMTP (smtp)
- POP3 (pop3)
- IMAP (imap)
- To control access to the ftpd daemon, you must use the ProFTPD FTP server. Pure-FTP does not support TCP wrappers.
  - To choose an FTP server, use WHM’s FTP Server Selection interface (WHM >> Home >> Service Configuration >> FTP Server Selection).
  - For more information, read our ProFTPD Configuration for Host Access Control documentation.
- To control access to the POP3 or IMAP services, you may use the Dovecot® mail servers.
Allow or deny access for an IP address
You must enter your allow rules before your deny rules.
To allow or deny an IP address to access a service, perform the following steps:
- Enter the service name in the daemon text box.
- Enter the IP address or hostname in the Access List text box.
  - You may enter wildcards in this text box.
  - You must enclose IPv6 addresses in square brackets ([ ]).
  - You cannot enter a range of IPv4 addresses with CIDR notation.
  - To specify a network range, add a network mask to the IP address.
    - IPv4 example: 192.168.0.0/255.255.255.0, where 255.255.255.0 is the desired network mask you want to use.
    - IPv6 example: [2001:0db8:0:0:1:0:0:1]/64, where /64 is the desired CIDR-notation network mask you want to use.
- Enter the desired action in the Action text box.
  - Enter allow to allow access.
  - Enter deny to deny access.
- Describe the rule in the Comment text box.
- Click Save Host Access List, or click Reload to delete any changes.
You can also enter ALL EXCEPT IP address in the Access List text box. When you enter allow as your action, the system will allow all of the addresses except for addresses that you entered in the Access List text box.
Example
To allow access for two IP addresses, but deny access from all other addresses, use either of the following methods:
Create two separate rules:
- Create one rule that allows 192.168.0.0/255.255.255.0 or [2001:0db8:0:0:1:0:0:1]/64.
- Create a second rule that denies access to ALL IP addresses.
Create one rule:
- Enter all except 192.168.0.0/255.255.255.0 or all except [2001:0db8:0:0:1:0:0:1]/64 in the Access List text box.
- Enter deny in the Action text box.
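Why the allow rule has to come first, and how to produce the address formats this interface accepts, shown as an added example that is not cPanel's own code. It assumes rules are evaluated top to bottom with the first match winning, as in TCP wrappers; the function names and rule lists are constructed for illustration, and wildcards and ALL EXCEPT entries are not handled.

```python
import ipaddress

def to_access_list(cidr):
    """Convert CIDR text to the Access List form this page requires."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version == 4:
        # IPv4 takes address/netmask; CIDR is not accepted
        return f"{net.network_address}/{net.netmask}"
    # IPv6 takes a bracketed address plus a CIDR prefix length
    return f"[{net.network_address}]/{net.prefixlen}"

def parse_entry(entry):
    """Parse an Access List entry; None stands for ALL."""
    if entry.upper() == "ALL":
        return None
    if entry.startswith("["):
        addr, _, prefix = entry[1:].partition("]")
        return ipaddress.ip_network(addr + (prefix or "/128"), strict=False)
    return ipaddress.ip_network(entry, strict=False)

def decide(rules, daemon, client):
    """Return the action of the first rule that matches (assumed semantics)."""
    ip = ipaddress.ip_address(client)
    for rule_daemon, entry, action in rules:
        if rule_daemon != daemon:
            continue
        net = parse_entry(entry)
        if net is None or (ip.version == net.version and ip in net):
            return action
    return "allow"  # assumption: nothing matched here or in /etc/hosts.deny

# Constructed rule lists, in the order they would be entered
ALLOW_FIRST = [("sshd", "192.168.0.0/255.255.255.0", "allow"),
               ("sshd", "ALL", "deny")]
DENY_FIRST = list(reversed(ALLOW_FIRST))

if __name__ == "__main__":
    for name, rules in (("allow first", ALLOW_FIRST), ("deny first", DENY_FIRST)):
        for client in ("192.168.0.17", "203.0.113.9"):
            print(name, client, decide(rules, "sshd", client))
    print(to_access_list("192.168.0.0/24"))
```

With the deny rule entered first, the address inside the allowed range is denied as well, which is the lock-out case the overview describes.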
Host Access Control for CentOS 8 and CloudLinux 8
- cPanel & WHM version 92 for CentOS 8 and CloudLinux 8 is experimental software and is not recommended for production environments.
- If you accidentally lock yourself out of WHM when you use this interface, edit the nft rules through the command line to regain access.
Add a rule
You must enter your allow rules before your drop or reject rules.
To add a rule for an IP address range, perform the following steps:
- Enter the port number in the Port text box.
- Enter the IP address or range in the IP Address Range text box.
  - You may enter wildcards in this text box.
  - You do not need to enclose IPv6 addresses in square brackets ([ ]).
  - You cannot enter a range of IPv4 addresses with CIDR notation.
  - To specify a network range, add a network mask to the IP address.
    - IPv4 example: 192.168.0.0/255.255.255.0, where 255.255.255.0 is the desired network mask you want to use.
    - IPv6 example: 2001:0db8:0:0:1:0:0:1/64, where /64 is the desired CIDR-notation network mask you want to use.
- Select the TCP protocol or the UDP protocol from the Protocol menu.
- Select which action to take for the port from the Action menu.
  - Use the ACCEPT action to allow the IP addresses in the range to access the port.
  - Use the DROP action to block the IP addresses in the range without a rejection message.
  - Use the REJECT action to block the IP addresses in the range with a rejection message.
- Click Add Rule to add the rule. The rule will appear in the Current Rules table.