Host Access Control
For WHM version 11.38
(Home >> Security Center >> Host Access Control
The Host Access Control
screen allows you to allow or deny access to services by IP address
. You can create rules that specify individual services with which you will allow IP addresses to interact.
For example, here are some services to which you can restrict access:
| Daemon Name
|| Service Name
The ranges of addresses in these rules must use wildcards (
) instead of CIDR
Changes to the Host Access Control
screen are stored in the
files on your server.
— If you wish to allow or deny access to individual sites, use the IP Deny Manager
within each site's cPanel interface.
How to block an IP address
To block a service by IP address
- Enter the service’s name in the Daemon field.
- Note: As you type, a list of matching suggestions will appear.
- Enter the IP address or hostname under Access List.
- Note: You may enter wildcards in this field. However, you cannot enter a range of IP addresses using CIDR notation. The field recognizes IP address/netmask pairs such as the following:
- Enter an action under Action.
- Note: Allow and deny are the only valid input values for this field.
- Describe the rule under Comment.
- Note: When you use the "allow from a few IP addresses; then deny from all" technique, you must enter the allow rules before the deny rules. You can also use ALL EXCEPT
192.168.0.20 as an Access List which will allow all IP addresses except
- Click Save Host Access List at the bottom of the page.
- You may delete any changes that you have made to the entry fields by clicking Reload.
If you accidentally lock yourself out of the server, edit
via the console to unlock the server.
How to configure your Firewall
For greater flexibility with host access control, you can configure your firewall directlyWhen specifying which IP addresses can access your server, you can gain some flexibility by configuring your firewall.
To configure your firewall directly, you will need to log into your server as the
On a CentOS or RedHat Enterprise LInux® system, you can use the
utility to manage your firewall.
Both of these utilities can accept CIDR
How to configure a firewall on a CentOS or RedHat server
If you wish to block
on CentOS using
, you could use the following command:
iptables -A INPUT -s 192.168.0.20 -j DROP
If you want to block the same IP address
from accessing port 23, you could use:
iptables -A INPUT -s 192.168.56.210 -p tcp --destination-port 23 -j DROP
Are you still having difficulties?
There are several utilities available in our application catalog
that can help you manage your firewall.