I use cPanel for hosting my website. I have noticed that if anyone who visits my website happens to be a web developer, he can always reach my cPanel Login page via mydomain.com:2082, mydomain.com/cpanel, etc.. It is better to not let the visitors know what control panel I use. I want to disable these URLs. To myself log in to cpanel, I will use the alternate URL provided by my Web Host which is something like a.myhost.com/cpanel.
As a work around, I also changed the main domain and added my main website as an addon domain. But even that didn't work and addondomain.com:2082 and addondomain.com/cpanel showed up the cpanel login and I was able to login there using cpanel username and password.
Please help me hide these pages from the public world. At least addondomain.com:2082 or addondomain.com/cpanel should throw a 404(preferable) or 403 or anything.
I use cPanel 11/x3.
Even my hosting provider is not able to help me with this. Anybody who know anything about this, or implemented this, please help me.
Thanks in advance....
Changing default cPanel port.
The cPanel port can be changed in /var/cpanel/cpanel.config file.
Just change port=2082 (located in the config file) to anything else.
Then running the following commands for the changes to take effect.
/usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings
/etc/init.d/httpd restart
Changing/removing default cPanel URLs.
For the /whm and /cpanel urls, remove/change these lines or similar matched lines located on the /usr/local/apache/conf/httpd.conf file:
ScriptAliasMatch ^/?cpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
ScriptAliasMatch ^/?webmail/?$ /usr/local/cpanel/cgi-sys/wredirect.cgi
ScriptAliasMatch ^/?whm/?$ /usr/local/cpanel/cgi-sys/whmredirect.cgi
Then run the following commands for the changes to take effect.
/usr/local/cpanel/bin/apache_conf_distiller --update
/scripts/rebuildhttpdconf
/etc/init.d/httpd restart
Source and more info
From a similar discussion raised on cPanel's Forums - "Changing cPanel URL?" (29 Nov 2010):
There is no way to change the port numbers for cPanel, the WebHost Manager or Webmail. The port numbers are hard-coded into cPanel and there is no configuration option that allows them to be changed.
Even if you edit the httpd.conf file and change the ScriptAlias directives that cause /cpanel, /webmail and /whm to work, they will still be accessible via ports 2082/2083, 2095/2096, and 2086/2087, respectively.
(With application, or package specific questions, your best port of call is initially their own forums/helpdesk rather than a general purpose community like StackOverflow.)
this can be easily done with TCP PORT filtering blocking.
Just filter out in iptables every 2082 (may be even 2083) TCP IN and you will have your cpanel port blocked.
You can reinstate it when needed adding an ALLOW directory to the same ports.
Please tell me if you need further help.
There are times you want to disable automatic to SSL connection while accessing WHM, cPanel, Webmail, so you can access cPanel/WHM via standard ports 2082 and 2086, this is pretty useful if you have SSL issue that's preventing you from loging into your server or cPanel account because it may unable to decrypt your stored password.
Login to WHM >> Tweak Setting >> Uncheck the following options under Redirection
Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc.
Also you have to uncheck the following option under Security in Tweak Settings.
Require SSL for all remote logins to cPanel, WHM and Webmail. This setting is recommended.
If you are unable to login to WHM backend, you can disable those options from the shell. SSH to the server as root.
SSH to your server as root
Open
# nano /var/cpanel/cpanel.config and set the following options to 0 (zero).
alwaysredirecttossl
requiressl
—-
alwaysredirecttossl=0
requiressl=0
—–
Save the file and exit.
Login to WHM as root
Under server configuration,
Click on Tweak settings
Click the Redirections tab
Check off button for Always redirect to SSL
save settings & that will be done
Can't you use cpanel to put a redirect on the /cpanel directory? Not sure how to get around 2082 w/o more privileges. Possibly your htaccess?
But really, chill out on the cpanel. No one cares that you make your life easier by using cpanel. Most people do. The only people who are going to know are, as you say, developers. And guess what, they use CPanel too.
If your hosting provider cannot help you with this, then you're out of luck. Advisable to set a .htaccess rule to redirect /cpanel to the homepage.
For your .htaccess:
Redirect /cpanel /
or if it fails,
Redirect /cpanel http://your-site.com
I guess you are in a shared hosting environment. Your best shot is to use an htaccess file, be careful!
the goal is to redirect any thing like : #http://your-site.tld/cpanel or to a #http://your-site.tld but do not redirect #http://your-provider.tld/cpanle
RedirectMatch 301 ^/cpanel/$ http://your-site.tld/
RewriteEngine On
RewriteCond %{SERVER_PORT} !^2082$
RewriteRule ^(.*)$ http://your-site.tld/folder/$1 [L,R]
As I said, test carefully!
I have the exact opposite problem, I just linked my domain mtkroms.com to my blogger website but whenever I try to access mywebsite.com/cpanel it redirects to my blogger blog with the 404 page not found :( due to this I cannot setup subdirectories
Related
I run into a strange problem. I have built a wordpress site in a sub domain with Nginx.
It works for access with port none-80, for example:
http://doc.mydomain.com:8085
Then I change its port configuration to 80, but access fails with:
http://doc.mydomain.com
I check the access log, there is only a 301 redirect.
I thought it might due to php, then I replace the content of index.php, it works!
<?php
phpinfo()
So, why the Nginx directs wordpress, while not redirects common php?
I got the reason. The configuration of Wordpress admin has set the website url is http://doc.mydomain.com:8085. After change it, the issue is fixed.
I am a new to PHP and Apache server and i was asked to do few changes to DNS in the AWS Ec2 instance of a PHP application where i changed the config['base_url']= puredata.digitowork.com, after i made these changes when i use the url without https protocol, its redirecting to the old DNS, what are the changes i need to do to avoid this issue.
I am not able to understand why its redirecting.
Thanks in advance
It seems you have a redirection in Apache that is forcing https and your domain when accessing the server. I don't know if you recently modified the Apache's configuration but you can check if you have any RewriteRule in your server by running this command
sudo egrep -Ri RewriteRule /opt/bitnami/
I have an eCommerce WordPress site using woo commerce. Now my hosting company "Heart Internet" provide free SSL certs however the map a subdomain to my domain to achieve this.
Real domain http://mywebsite.com/
SSL Version https://web110.secure-secure.co.uk/mywebsite.com/
So this means if I want to use SSL for my checkout page I need to link to this url. https://web110.secure-secure.co.uk/mywebsite.com/checkout
However doing so provides me with the error:
Forbidden
You don't have permission to access /index.php on this server.
Apache/2.4.23 (Unix) Server at web115.secure-secure.co.uk Port 80
So I would imagine this is something to do with .htaccess but I am not sure.
If I go to this url: https://web110.secure-secure.co.uk/mywebsite.com
It actually does display the home page, however minus any images or css styles and my console is full of failed to load resources error messages.
AFter contacting my hosting company they have said its due to how the site itself is configured. But this is just a simple wordpress website, nothing fancy going on.
Does any one know what I can do?
Image of heart internet ssl
To clarify my question is not about css/images not showing up on homepage, its about the fact i cannot reach any other page on my website without getting the error - You don't have permission to access /index.php on this server.
I don't use the same certificat, but with mine
(Free let's encrypt), i have the same url for whole website. I use woocommerce and checked the appopriate option in the woocommerce setting (use ssl for check out).
Does your provider told you to put your files in this folder ?
If so, all your install might be inside and a redirect done to the main domaine name. You maybe need to change files and folder permissions to use it, with your mostly like ftp browser.
I would want my website subdomain a.site.com to be accessible via alternate port, lets say a.site.com:8866
How can i enable this? a.site.com will be going to the home page of site.com page by default.
It is in a lamp stack. Possible using htaccess? etc?
Thanks.
You can find the settings for those ports in your httpd.conf file (located at apache/conf/httpd.conf), once you opened that up look for listen 80 and change the 80 to your desired port.
note: do not forget to restart your webserver after these changes to update your config.
I'm about to start running three different environments of our PHP application - Development, Staging and Production. Some of our customers will get access to Staging to help us test new features with real customers before it his production.
Our application is running on AWS EC2 though an elastic load balancer using HTTPS only. I need a way to allow users to go to https://mydomain.com/staging and be redirected to the staging environment (would still show https://mydomain.com/staging in the address bar, but they'd be getting content from a different set of servers). There will be some code in Staging that will ensure their account has been approved for Staging access and will allow them in or redirect them to the main application.
I can't seem to figure out how to write this in .htaccess. I've tried a number of things I've found online and haven't gotten it to work. I am beginning to think it may make more sense to have a real directory even in the production environment called 'staging' and have an index.php file inside that checks their account and redirects them based on the result.
However, I'd like to avoid having to purchase another SSL certificate for this, so instead of using a subdomain for staging, I'd like to use a virtual directory. Does that make sense?
Thanks in advance.
You need to enable the use of .htaccess in your httpd config file (you can do so by finding the line in your conf file that has AllowOverride None and change it AllowOverride All) and then place a .htaccess in a folder in your html folder called staging with the following line
Redirect /staging http://whereverYourStagingEnvoIs
I would recommend using a subdomain instead of a subdirectory, staging.mydomain.com
Then in your host records for mydomain.com you could point staging to whatever server you like.