Cpanel Firewall Ports SSL Only

I was checking a few things on one of my CPanel servers this morning and noted that we had some http access rather than https. This was via cpanel logins and webmail.

I thought that the server was configured to redirect automatically to the SSL equivalent port so I checked the server WHM console Tweak Settings -> Redirection -> “Choose the closest matched domain for which that the system has a valid certificate……” setting which was ‘On’ by default.

Next I reviewed the firewall and at some point I had apparently followed a list of ‘Open these Ports for CPanel’ and had included the non-ssl access ports. While the server setting would not accept connections the firewall was allowing scan activity through.

So I reviewed this documentation at CPanel for a full list of ports and removed a few ports from the firewall.

Specifically we do not need to open

  • 2082 – Cpanel
  • 2086 – WHM
  • 2095 – Webmail

And we can (should) have the SSL equivalents open

  • 2083 – Cpanel
  • 2087 – WHM
  • 2096 – Webmail

This forum thread also relates https://forums.cpanel.net/threads/is-there-a-way-to-shut-off-the-non-ssl-ports-2082-2086-2095.164950/

Leave a Reply

Your email address will not be published. Required fields are marked *