1. Log in to WHM
2. You will notice a search bar on the left side, where you need to type “Host Access Control”. (to filter everything out and find the functionality you need)
3. Allowing or Blocking access using the Hosts Access Control feature When you are redirected to the “Host Access Control” page you will see a brief description of the feature on the top. Underneath this description, you will see examples of how you can deny or allow an IP address or an entire IP range.
Here are all of the services that the “Host Access Control” feature allows you to manage access to.
cPanel (cpaneld)
WHM (whostmgrd)
Webmail (webmaild)
Web Disk (cpdavd)
FTP (ftpd)
SSH (sshd)
SMTP (smtp)
POP3 (pop3)
IMAP (imap)
4. Now that you know which services you can control, let’s explore the way you can do it. Please point your attention to the table section, which is located on the lower side of the page. It has 4 columns, which we will explain below.
- Daemon - This column requires the name of the service you want to control. Please click on the text field located underneath the “Daemon” label and enter the service.
- Access List - In this column, you need to type in the IP address of the person that you are going to allow/deny access to. Please fill in the text field located under the “Access List” label.
- Action - The options here are two. “Deny” - in order to stop access from a given service, and “Allow” - in order to provide access. Please type one of the two options in the text field located under the “Action” label.
- Comment - Here you can leave a relevant note about why you allowed or blocked this IP address. For instance, you can type “This is the IP address of the office, and we need to make sure it can access the cPanel service”. Please write the comment in the text field located under the “Comment” label.
5. When you are done allowing or denying the desired IP addresses, please press the “Save Host Access List” button, located at the bottom of the screen.
Note - A really important thing you need to be aware of is that the rules have an order of precedence. You HAVE to place all of the ALLOW rules prior to adding the DENY ones if you wish to allow access to certain IP addresses and deny access to all other IP addresses. For example, if you wish to allow the IP addresses 123.123.123.123 and 234.234.234.234 to access the sshd service and deny the rest, make sure to first add the allowed IP address rules and afterward the restricted (denied) IP addresses rule. Please find the screenshot example below for a better understanding.
As you can see, the allow rules are located on the top and the deny one is the last one in the table, meaning that from here on out - the IP addresses 123.123.123.123 and 234.234.234.234 will be able to freely access the sshd service, while the rest of the IP address will not be able to do so.