How to lock down a port

Hello

I found within my logs internet users have been landing on my cPanel access page.

I actually have https://cpanel mysite .com locked down to my IP only. However, I just found that my cpanel can also be accessed from https:// www. mysite .com / 2083

I tried adding this to my zone lockdowns but this does not allow me to add a port number.

I have searched some docs but am unable to find the correct instructions. How can I lock this down to my IP?

Take a look at Network ports · Cloudflare Fundamentals docs


Hi

Any chance you could just tell me how to block users from getting to mysite. .com / 2083 and lock down to my IP only?

I've already looked at this page you have referenced. Means almost nothing to me really.

I'm not a network engineer. I'm a writer.

Try a Firewall Rule like this. If it’s NOT your IP address, and it’s NOT a standard port, then Block.

Okay, thank you for providing the information. It's very helpful.

I have implemented the following.

So this will allow everything to keep working fine. Won't cause me any other issues. Will it stop people from getting to this cpanel port number where my cpanel login screen is showing. Correct?

Also, will this stop my email 110 and other apps like the ability for blogvault to do restore via ftp on port 21?

Will I need to allow these?

I am also a little worried as the page says specific rules here could stop googlebot etc.

As far as I remember, to access cPanel you could get into it by cpanel.domain.com, domain.com/cpanel, domain.com:2083 (HTTPS), domain.com:2082 (non-HTTPS). Next to it, there is a WHM too in most cases (port 2087).

No, it won’t stop/block them. They should continue working as-is regardless.

Furthermore, the suggested Firewall Rule from above applies only to the Web traffic - HTTP(S) and will allow requests only to the 80 and 443 ports of your domain. However, the FTP port and some others like SSH aren’t protected.

If you’d like to protect these kinds of ports and others not listed at the link above, then I’d suggest trying out Cloudflare Spectrum:

Locking the cPanel hosting (shared I guess) might be a bit difficult to achieve in your case.

Hi

Thanks for the information. I very much appreciate the time you have taken to provide these details.

I was worried that blocking everything else out except 80 & 443 could stop my mail working and my automated blogvault backups + the ability for it to upload restores on my command via the FTP creds I give it.

Hi

When trying to deploy I am getting this error

Oh and by the way. I have already blocked cpanel.mysite .com with WAF rule just fine. Just can't block off the port number as I am seeing thousands of visits on it. I used a zone lockdown for that one.

All good. It will continue to work normally. Good you’re asking about it so we could clarify it :wink:

Here is a combined rule I am using to:
a) allow only port 80 and 443 (block 2083, 2083 and other HTTP(S) ports)
b) allow only my IP to cpanel.domain.tld and domain.tld/cpanel
c) method “block”

(http.host contains "domain.tld" and not cf.edge.server_port in {80 443}) or (http.request.uri.path contains "cpanel" and ip.src ne 110.x.x.x) or (http.host contains "cpanel.domain.tld" and ip.src ne 110.x.x.x)

Okay.

So I just copy this into the expression

(http.host contains “domain.tld” and not cf.edge.server_port in {80 443}) or (http.request.uri.path contains “cpanel” and ip.src ne 110.x.x.x) or (http.host contains “cpanel.domain.tld” and ip.src ne 110.x.x.x)

All I need to do is replace the 110,x,x,x with my chosen IP?

This one does not make sense to me. I've already blocked cpanel.mydomain .com in zone lockdown options.

If you’d like to, you’re free to use it :wink:

Yes, correct.

Even better like that.

There are multiple ways to achieve the same goal while using Cloudflare features :wink:

Again. Does not work

O-oh, I forgot: you should also change the domain.tld to your real domain name.

Also, try changing the double-quote symbols: delete them and type them again with your keyboard (" ") where needed, as with copy-paste a different one might be shown or used.

Hello

While this seems to be working now and people can no longer access mysite .com/2083 it also blocks me.

Is the expression set up to allow my IP?

Hm, I wonder if that IP was from the origin host/server, or rather you entered your own public (DHCP I guess?) router IP? :thinking:

I double-checked it now, and when I enter my IP, I can get in, while if I try to enter my website through my mobile ISP (4G LTE) I get blocked and presented with the Cloudflare’s “1020 Access Denied” error page, which is ok and works as expected.

May I ask how you used to get into cPanel? Via port or cpanel sub-domain/path? :thinking:

No.

The IP used is my WAN IP. Not the webhost.

I have been using this IP with other rules and works fine.

Here is the RAYID

73c31a1d195417c8

Okay so,

I get into my cpanel via its direct server path.

I don't access it via cpanel.mysite.com as I have that locked down in a zone lockdown. However, I can turn that off and on as I please.

I also never access my site via site .com:port. However, I want this option there as a turn on and off also (for developers).

I only became aware that site:2083 was open and users could reach it and see a cpanel login option when I was checking my logs and saw thousands of visits here. The visits on this url and port are not me because I access my site and hosting via different means.
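
The first clause of the combined expression posted above tests only `cf.edge.server_port` and never `ip.src`, so it treats the owner's address like any other on a non-standard port, whereas the earlier "not your IP and not a standard port" suggestion exempts it. The following is an added example, not part of the thread and not Cloudflare's evaluator: a plain-Python model of both rules run over constructed requests, with `OWNER_IP`, the sample addresses and `domain.tld` as assumed placeholders.

```python
# Added example: a plain-Python model of the two rules discussed in the thread.
# It is not Cloudflare's evaluator; OWNER_IP and all requests are constructed.
from dataclasses import dataclass

OWNER_IP = "203.0.113.10"      # stands in for the thread's 110.x.x.x placeholder
STANDARD_PORTS = {80, 443}

@dataclass(frozen=True)
class Request:
    host: str    # http.host
    port: int    # cf.edge.server_port
    path: str    # http.request.uri.path
    src: str     # ip.src

def combined_rule_blocks(r: Request) -> bool:
    """The three-clause expression posted in the thread, action Block."""
    return (
        ("domain.tld" in r.host and r.port not in STANDARD_PORTS)
        or ("cpanel" in r.path and r.src != OWNER_IP)
        or ("cpanel.domain.tld" in r.host and r.src != OWNER_IP)
    )

def ip_exempt_rule_blocks(r: Request) -> bool:
    """The earlier suggestion: not your IP AND not a standard port -> Block."""
    return r.src != OWNER_IP and r.port not in STANDARD_PORTS

SAMPLES = {
    "owner on :2083":      Request("domain.tld", 2083, "/", OWNER_IP),
    "stranger on :2083":   Request("domain.tld", 2083, "/", "198.51.100.7"),
    "owner on /cpanel":    Request("domain.tld", 443, "/cpanel", OWNER_IP),
    "stranger on /cpanel": Request("domain.tld", 443, "/cpanel", "198.51.100.7"),
    "stranger on site":    Request("www.domain.tld", 443, "/blog", "198.51.100.7"),
}

def verdicts() -> dict:
    """Map each sample to (combined rule blocks?, IP-exempt rule blocks?)."""
    return {name: (combined_rule_blocks(r), ip_exempt_rule_blocks(r))
            for name, r in SAMPLES.items()}

if __name__ == "__main__":
    for name, (combined, exempt) in verdicts().items():
        print(f"{name:22} combined={combined!s:5} ip_exempt={exempt}")
```

In this model the port-only rule leaves `/cpanel` on port 443 open to any address, which is the gap the combined expression's second and third clauses cover.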
