Introduction:
cPanel is a well-known web hosting control panel that offers a simple interface for operating a web server. Securing a cPanel server is a critical task for every site administrator, and a firewall is the tool for restricting unwanted traffic to the server. Best practices for establishing firewall rules on a cPanel server are as follows:
Block all incoming traffic on every port except those required for the server to function correctly. This can be done with a firewall rule that drops all incoming traffic on all ports other than those specifically approved.
Allow incoming web traffic on ports 80 (HTTP) and 443 (HTTPS). This lets users access the website hosted on the server.
Allow inbound file transfer traffic on port 21 (FTP). This lets users upload files to and download files from the server.
Allow incoming SSH traffic on port 22 for remote administration. This lets the administrator log in to the server remotely and perform server administration tasks.
Allow inbound DNS traffic on port 53. This enables the server to resolve domain names and connect to websites.
To prevent unauthorized access to the server, block all incoming traffic on all other ports.
iptables firewall rules can be used to block incoming and outgoing traffic from known malicious IP addresses or IP ranges.
Maintain firewall rules and check logs for any unusual behavior.
cPanel Security Firewall Rules
Here’s an example of iptables firewall rules that might be used to put these best practices into action:
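# Flush all existing rules
iptables -F
# Allow incoming traffic on loopback interface
iptables -A INPUT -i lo -j ACCEPT
# Block incoming traffic from known malicious IP addresses or IP ranges.
# This rule sits above the ACCEPT rules because iptables stops at the first match.
# 203.0.113.10 is a placeholder from the documentation range; replace it with the address or range to block.
iptables -A INPUT -s 203.0.113.10 -j DROP
# Allow established connections (added before the DROP policy so the current SSH session is not cut off)
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow incoming traffic on port 80 (HTTP) and 443 (HTTPS)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Allow incoming traffic on port 21 (FTP)
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
# Allow incoming traffic on port 22 (SSH)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow incoming traffic on port 53 (DNS)
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
# Allow all outgoing traffic
iptables -P OUTPUT ACCEPT
# Block all other incoming traffic on all ports (set last, once the ACCEPT rules exist)
iptables -P INPUT DROP
# Save the firewall rules. iptables-save only prints the rules to stdout, so redirect it to a file.
# /etc/sysconfig/iptables is the path read by iptables-services on RHEL-family systems; adjust for other distributions.
iptables-save > /etc/sysconfig/iptables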
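The audit script below is an added example, not part of the original article: it reads `iptables-save` output and flags an INPUT policy other than DROP, open ports outside the list given above, and source DROP rules placed after open ACCEPT rules, where they never match because rules are evaluated top-down. The function names, `ALLOWED_PORTS` and the sample dump are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit an `iptables-save` dump against the practices listed above.
# ALLOWED_PORTS mirrors the ports named on this page; the sample dump is constructed.
ALLOWED_PORTS="21 22 53 80 443"

# Reads iptables-save output on stdin and prints one finding per line.
# Only single-port "--dport N" rules in the INPUT chain are examined.
audit_input_chain() {
    awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # Chain header, e.g. ":INPUT ACCEPT [0:0]" - the default policy should be DROP.
    $1 == ":INPUT" && $2 != "DROP" {
        print "POLICY: INPUT default is " $2 ", expected DROP"
    }
    $1 == "-A" && $2 == "INPUT" {
        port = ""; src = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-s")      src = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        # An ACCEPT with a port but no source restriction exposes that port to everyone.
        if (target == "ACCEPT" && port != "" && src == "") {
            open_seen = 1
            if (!(port in ok)) print "PORT: " port " is open but not in the allowlist"
        }
        # Rules match top-down, so a source DROP placed after an open ACCEPT
        # never sees traffic to that port.
        if (target == "DROP" && src != "" && open_seen)
            print "ORDER: DROP for " src " comes after an open ACCEPT rule"
    }'
}

# Constructed sample in iptables-save format (203.0.113.10 is a documentation address).
sample_dump() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -j DROP
COMMIT
EOF
}

sample_dump | audit_input_chain
```

On a server, pipe the live ruleset into the function with `iptables-save | audit_input_chain`, run as root.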
Conclusion:
It is vital to remember that these are only samples and that you should modify them to meet your individual needs and test them before implementing them on production systems. Firewall rules should be examined and changed on a regular basis to ensure that they are still effective in blocking harmful traffic. Monitoring server logs for unusual behavior is also a vital step in identifying and avoiding possible security issues.