Allow a particular Ip to our domain's Cpanel Acceess

General
#1

Can Any Suggest How can I allow a particular Ip on My domain’s Cpanel, Who can modified the code.

#2

Greetings,

Thank you for asking.

  1. Make sure your domain name is added to your Cloudflare account and using Cloudflare nameservers
  2. Make sure the A cpanel DNS record exists under the DNS tab of Cloudflare dashboard for your domain name and it’s proxied and set to :orange:
  3. Navigate to Firewall Rules
  4. Create a new Firewall Rule, from the dropdown menu select “IP Source Address” operator “does not equal”, enter the IP address into the field
  5. Click next to that on the button “AND”, from the dropdown menu select “Hostname” operator “equals”, enter cpanel.yourdomain.com (replace yourdomain.com with you actual domain name)
  6. Select action “Block” from the dropdown menu
  7. Click on the button “Deploy”
  8. Wair for a minute or two to apply the changes

In picture:

Step 1:

ex01
ex011071×300 7.21 KB

Step 2:

ex02
ex021087×895 14.8 KB

  • or you can switch, vice-versa, first hostname then IP …

Explanation of the above Firewall Rule, blocks everyone else except the specific IP to access the sub-domain cpanel.yourdomain.com.

Nevertheless, in terms of a cPanel, you could also access it via other two possible ways:

  1. yourdomain.com/cpanel
  2. Using a port like yourdomain.com:2082 (or 2083)

You might want to consider modifying your Firewall Rule, either to include OR statement and then for example “URI Path” contains /cpanel and “IP Source Address” does not equal to your_ip.

Therefore, you might want to manually modify and use the Expression field to block any request trying to access a port except the 80 and 443, so no one could access the cPanel via a yourdomain.com:port. If interested, here is the expression:

  • (http.host contains "mydomain.com" and not cf.edge.server_port in {80 443}) or (http.host contains "cpanel.mydomain.com" and not cf.edge.server_port in {80 443})

NOTICE: When you use proxied :orange: cPanel, you might end up having an issue with uploading a file larger than 100MB (if using Free plan) or some similar like when using a Pro plan and you enabled the WAF and Managed WAF Rules, which might block you from editting your code or writing into some of the input fields / text editors.

Even better solution from my perspective, would be to remove cPanel from the DNS tab and use your hosting provider domain and port to access the cPanel :wink:

  • that way, cPanel would return none on the DNS lookup, would not be available to public, and only you and the developer would know the URL to access it …

P.S. Despite cPanel, ModSecurity / Imunify360 might create some issue as well too if the origin host/server is not configured to restore the original visitor IP address and/or if it does not allow Cloudflare to connect to it

2 Likes
#3

Thank You So much for your reply. I have followed the Above process but still, I am not able to edit the code in my Cpanel

2 Likes
#4

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.