Securing cPanel with a Firewall

Because cPanel installs many different services on your server, you need to open a variety of ports depending on your goals and usage.

With the list of inbound ports from cPanel's documentation, you can use HeatShield to configure the firewall for your cPanel servers.

Specifically, you will want to open the following ports to access the control panel itself:

  • 2082—HTTP access to cPanel (the customer-facing side of cPanel/WHM)
  • 2083—HTTPS access to cPanel (the customer-facing side of cPanel/WHM)
  • 2086—HTTP access to WHM (the administrative side of cPanel/WHM)
  • 2087—HTTPS access to WHM (the administrative side of cPanel/WHM)

Opening Your Firewall to a Set of cPanel Ports

Even though this tutorial will create a ruleset that opens almost all of cPanel's inbound ports, you should only open the ports for the services you use on your server.

To use HeatShield to open ports on your cPanel server, you can create a new ruleset that contains only the rules related to cPanel. If you have multiple cPanel servers, you can apply this ruleset to each cPanel server.

First, connect your server to HeatShield and upgrade it to use custom rulesets.

Then, open your Rulesets page and click Create Ruleset.

Next, name your ruleset and click Create Ruleset.

Now, create a new firewall rule by selecting the policy, the destination, and the source.

Set the Policy to Allow and the Source to Any.

Select Custom from the Destination dropdown and enter TCP 20 as the FTP port. Click Add.

Repeat this step for each of the cPanel ports you need to open on your server.

Your final ruleset will look similar to this example but with only the ports open to the services you need to use:

If you want to only allow HTTPS access to cPanel, you could only open the HTTPS ports (2083 and 2087).

If you want to whitelist which IP addresses have access, you can only open those ports to specific IP addresses.

Applying the cPanel Ruleset

To apply your new ruleset to your cPanel server, open the server in HeatShield.

Select your cPanel ruleset from the drop-down list and click Apply Ruleset.

Your new ruleset will be applied.

Since SSH and HTTP/HTTPS are already included in HeatShield's default rulesets, you don't need to add those rules to your cPanel ruleset. Unless you have removed them yourself, they will already be applied to your server.

Last updated: September 09, 2016

Still Have Questions?

Don't hesitate to contact us if you can't find the answers to your questions.