Configure Instance Security-Group for WHM compatibility

March 14, 2019 / Eternal Team

Abstract

Here, we will see the ports that need to be configured for WHM to function properly, with a brief note on each.

This is a continuation of our previous blog post, How to Migrate WHM From Third Party Providers to AWS, where we showed the steps to install WHM on an EC2 server. In this blog post we will show the steps that you need to take to make your WHM secure without losing any of its functionality.

Here is an exclusive list of ports and the required protocols and layers on which they need to be open at the time of writing this AWS technology blog.

PORT SERVICE TCP UDP Inbound Outbound Localhost Notes
1 CPAN YES YES The “Show Available Modules” option in cPanel’s Perl Modules interface (cPanel >> Home >> Software >> Perl Modules) uses this port to improve the speed with which it appears.
20 FTP YES YES YES Instead of FTP, we recommend that you use the more secure SFTP via SSH.
21 FTP YES YES YES Instead of FTP, we recommend that you use the more secure SFTP via SSH.
22 SSH YES YES You must open this port before you use WHM’s Transfer Tool interface (WHM >> Home >> Transfers >> Transfer Tool). Later on, open this port only for private access from your IP, as keeping it open to the world is a big security risk.
25 SMTP YES YES YES
26 SMTP YES YES YES cPanel & WHM only uses this port if you specify it in WHM’s Service Manager interface (WHM >> Home >> Service Configuration >> Service Manager).
37 rdate YES YES
43 whois YES YES
53 bind YES YES YES YES cPanel & WHM only uses this port if you run a public DNS server.
80 httpd YES YES YES This port serves the HTTP needs of services on the server. We strongly recommend that you encourage your users to use port 443, which uses the more secure SSL/TLS security protocol.
110 POP3 YES YES
113 ident YES YES
143 IMAP YES YES
443 httpd YES YES YES This port serves the HTTPS needs of services on the server.
465 SMTP,SSL/TLS YES YES YES YES
579 cPHulk This port should only accept connections on the 127.0.0.x IPv4 address. Your system does not require that this port accept external traffic.
783 Apache SpamAssassin™ YES YES YES
873 Rsync YES YES YES
993 IMAP SSL YES YES
995 POP3 SSL YES YES
2703 Razor YES YES Razor is a collaborative spam-tracking database. For more information, visit the Razor website.
2077 WebDAV YES YES YES cPanel’s Web Disk interface (cPanel >> Home >> Files >> Web Disk) uses these ports.
2078 WebDAV SSL YES YES YES
2079 CalDAV and CardDAV YES YES YES cPanel’s Calendars and Contacts interface (cPanel >> Home >> Email >> Calendars and Contacts) uses these ports.
2080 CalDAV and CardDAV (SSL) YES YES YES cPanel’s Calendars and Contacts interface (cPanel >> Home >> Email >> Calendars and Contacts) uses these ports.
2082 cPanel YES YES To disable logins via this port and only allow SSL logins, set the “Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs. Formerly known as ‘Always redirect to SSL/TLS’” option to On in WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings). This will redirect users to secure ports with the /cpanel, /whm, and /webmail aliases.
2083 cPanel SSL YES YES
2086 WHM YES YES To disable logins via this port and only allow SSL logins, set the “Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs. Formerly known as ‘Always redirect to SSL/TLS’” option to On in WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings). This will redirect users to secure ports with the /cpanel, /whm, and /webmail aliases.
2087 WHM SSL YES YES
2089 cPanel Licensing YES YES You must open this port in order to contact the cPanel license servers.
2095 Webmail YES YES To disable logins via this port and only allow SSL logins, set the “Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs. Formerly known as ‘Always redirect to SSL/TLS’” option to On in WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings). This will redirect users to secure ports with the /cpanel, /whm, and /webmail aliases.
2096 Webmail SSL YES YES
2195 APNs YES YES cPanel & WHM only uses this port for the Apple® Push Notification Service (APNs). For more information, read our How to Set Up iOS Push Notifications documentation.
3306 MySQL® YES YES MySQL uses this port for remote database connections.
6277 DCC YES YES YES
24441 Pyzor YES YES YES

These are the ports and the protocols that generally need to be opened for the WHM server to function properly along with all the different services it provides.

If you face any issues regarding connectivity or failure of services, go through this list and audit your security-group configuration to check whether any port was denied access.
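The audit described above can be scripted. The following is an added example, not part of the original post: it checks a security group's inbound rules for expected ports that no rule covers, for SSH open to the world, and for the cPHulk port being reachable from outside. The `EXPECTED_INBOUND` set, the sample group and all function names are assumptions made for illustration; the rule layout follows the JSON printed by `aws ec2 describe-security-groups`.

```python
import ipaddress

# Assumption: the ports this sample server must accept from outside.
# Choose yours from the table above; this set is illustrative.
EXPECTED_INBOUND = {22, 443, 2083, 2087}
SSH_PORT = 22        # table note: private access from your IP only
LOCAL_ONLY = {579}   # cPHulk: table note says no external traffic is needed

def covers(perm, port):
    """True if one IpPermissions entry admits TCP/UDP traffic to `port`."""
    proto = perm["IpProtocol"]
    if proto == "-1":                 # "-1" means all protocols, all ports
        return True
    if proto not in ("tcp", "udp"):   # ICMP reuses FromPort/ToPort as type/code
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]

def world_open(perm):
    """True if the entry has a 0.0.0.0/0 or ::/0 source."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs)

def audit(group, expected=EXPECTED_INBOUND):
    """Return sorted (finding, port) pairs for one security group."""
    perms = group.get("IpPermissions", [])
    found = set()
    for port in expected:
        if not any(covers(p, port) for p in perms):
            found.add(("not-open", port))
    for p in perms:
        if covers(p, SSH_PORT) and world_open(p):
            found.add(("ssh-open-to-world", SSH_PORT))
        found.update(("local-only-port-exposed", q) for q in LOCAL_ONLY if covers(p, q))
    return sorted(found)

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 500, "ToPort": 600, "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 2087, "ToPort": 2087, "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
]}

if __name__ == "__main__":
    for finding, port in audit(SAMPLE_GROUP):
        print(f"{SAMPLE_GROUP['GroupId']}: {finding} (port {port})")
```

To run it against a real group, pass each element of the `SecurityGroups` array from the CLI output to `audit()`. The 500-600 range in the sample shows how a wide rule can expose port 579 without anyone having listed it.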
