cPanel & WHM installs and manages many different services on your system, most of which require an external connection in order to function properly. Because of this, your firewall must allow cPanel & WHM to open the ports on which these services run.
This document lists the ports that cPanel & WHM uses, and which services use each of these ports, to allow you to better configure your firewall.
We strongly recommend that you use the SSL version of each service whenever possible.
For more information on how to access cPanel & WHM services, read our How to Access cPanel & WHM Services documentation.
The Show Available Modules option in cPanel's Perl Modules interface (cPanel >> Home >> Software >> Perl Modules) uses this port to improve the speed at which it appears.
Instead of FTP, we recommend that you use the more secure SFTP via SSH.
|SMTP||cPanel & WHM only uses this port if you specify it in WHM's Service Manager interface (WHM >> Home >> Service Configuration >> Service Manager).|
|cPanel & WHM only uses this port if you run a public DNS server.|
This port serves the HTTP needs of services on the server.
This port serves the HTTPS needs of services on the server.
If you enable the Service subdomains and Service subdomain creation settings in the Domains section of WHM's Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings), users can access cPanel or WHM via the following subdomains:
WHM's Manage AutoSSL interface (WHM >> Home >> SSL/TLS >> Manage AutoSSL) requires outbound access to the
|cPHulk||This port should only accept connections on the |
|Razor||Razor is a collaborative spam-tracking database. For more information, visit the Razor website.|
|WebDAV||cPanel's Web Disk interface (cPanel >> Home >> Files >> Web Disk) uses these ports.|
|CalDAV and CardDAV||cPanel's Calendars and Contacts interface (cPanel >> Home >> Email >> Calendars and Contacts) uses these ports.|
|CalDAV and CardDAV (SSL)|
|APNs||cPanel & WHM only uses this port for the Apple® Push Notification Service (APNs). For more information, read our How to Set Up iOS Push Notifications documentation.|
|MySQL®||MySQL uses this port for remote database connections.|
|DCC||For more information, read Apache's DCC and NetTestFirewallIssues documentation.|
|Pyzor||For more information, read Apache's Pyzor and NetTestFirewallIssues documentation.|
The following examples explain how to add rules with CSF, APF, and the
ConfigServer provides the free WHM plugin CSF, which allows you to modify your iptables rules within WHM.
To install CSF, run the following commands as the
cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf && ./install.sh
To configure CSF, use WHM's ConfigServer & Firewall interface (Home >> Plugins >> ConfigServer & Firewall).
|For more information about how to install and use CSF, visit the CSF website.|
APF acts as a front-end interface for the iptables application, and allows you to open or close ports without the use of the
The following example includes two rules that you can add to the /etc/apf/conf.apf file in order to allow HTTP and HTTPS access to your system:
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="80,443"
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="80"
|For more information about APF, visit the APF site.|
iptables application offers more customization options for your packet filtering rules. This application requires that you understand the TCP/IP stack.
The following example includes iptables rules for HTTP traffic on port
This example assumes that a DMZ exists on
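# Forward HTTP traffic to 192.168.1.1 through the user-defined "allowed" chain.
$IPTABLES -A FORWARD -p TCP -i 220.127.116.11 -o eth0 -d 192.168.1.1 --dport 80 -j allowed
# Forward ICMP traffic to 192.168.1.1 through the user-defined "icmp_packets" chain.
$IPTABLES -A FORWARD -p ICMP -i 18.104.22.168 -o eth0 -d 192.168.1.1 -j icmp_packets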
|For more information about the use of |
Servers that run the CentOS 7, CloudLinux 7, and RHEL 7 operating systems require that you use the
We recommend that you only use the
For more information about the
cPanel & WHM version 11.50 and later also includes the cpanel service, which manages all of the rules in the /etc/firewalld/services/cpanel.xml file. This allows TCP access for the server's ports.
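Because this service file determines which TCP ports the firewall opens, it is worth reviewing against the recommendation above to prefer the SSL version of each service. The following is an added example, not cPanel's own code: it parses a file in firewalld's service format and reports plaintext ports that are open, along with whether the TLS counterpart is open too. The sample XML and the plaintext-to-TLS port map are constructed assumptions, not values from this page.

```python
import xml.etree.ElementTree as ET

# Assumption: well-known plaintext ports and their TLS counterparts. This map is
# illustrative and is not taken from the page; extend it for your own services.
TLS_COUNTERPART = {110: 995, 143: 993, 2082: 2083, 2086: 2087, 2095: 2096}

# Constructed sample in firewalld's service-file format (not the real cpanel.xml).
SAMPLE_SERVICE_XML = """<service>
  <short>cPanel</short>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="443"/>
  <port protocol="tcp" port="143"/>
  <port protocol="tcp" port="993"/>
  <port protocol="tcp" port="2082"/>
  <port protocol="tcp" port="2083"/>
  <port protocol="tcp" port="2086"/>
  <port protocol="tcp" port="49152-49160"/>
</service>
"""


def parse_service_ports(xml_text):
    """Return a sorted list of (protocol, first_port, last_port) tuples."""
    entries = []
    for elem in ET.fromstring(xml_text).iter("port"):
        proto = elem.get("protocol", "").lower()
        spec = elem.get("port", "")
        if not proto or not spec:
            continue  # protocol-only or malformed entries open no specific port
        first, _, last = spec.partition("-")  # "49152-49160" is a port range
        entries.append((proto, int(first), int(last or first)))
    return sorted(entries)


def plaintext_findings(entries):
    """Flag open plaintext TCP ports and report whether the TLS port is open too."""
    def is_open(port):
        return any(p == "tcp" and lo <= port <= hi for p, lo, hi in entries)
    return [(plain, tls, is_open(tls))
            for plain, tls in sorted(TLS_COUNTERPART.items()) if is_open(plain)]


if __name__ == "__main__":
    ports = parse_service_ports(SAMPLE_SERVICE_XML)
    print("opened:", ports)
    for plain, tls, tls_open in plaintext_findings(ports):
        state = "also open" if tls_open else "NOT open"
        print(f"plaintext port {plain} is open; TLS port {tls} is {state}")
```

To review a real server, pass the contents of the service file to `parse_service_ports` in place of the constructed sample.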
To replace your existing iptables rules with the rules in the /etc/firewalld/services/cpanel.xml file, perform the following steps:
yum install firewalld command to ensure that your system has
systemctl start firewalld.service command to start the
systemctl enable firewalld command to start the firewalld service when the server starts.
iptables-save > backupfile command to save your existing firewall rules.
iptables-restore < backupfile command to incorporate your old firewall rules into the new firewall rules file.