cPanel & WHM installs and manages many different services on your system, most of which require an external connection in order to function properly. Because of this, your firewall must allow cPanel & WHM to open the ports on which these services run.
This document lists the ports that cPanel & WHM uses, and which services use each of these ports, to allow you to better configure your firewall.
- We strongly recommend that you only open ports for services that you use.
- When you work with firewall rules, always make certain to include a way to log back in to your server, and always maintain console access to your server.
We strongly recommend that you use the SSL version of each service whenever possible.
- The use of non-SSL services can allow attackers to intercept sensitive information, such as login credentials.
- Always ensure that valid SSL certificates exist for your services in WHM's Manage Service SSL Certificates interface (Home >> Service Configuration >> Manage Service SSL Certificates).
For more information on how to access cPanel & WHM services, read our How to Access cPanel & WHM Services documentation.
We recommend that you use SFTP via SSH, because it is more secure than FTP.
You must open this port before you use WHM's Transfer Tool interface (Home >> Transfers >> Transfer Tool).
|SMTP||cPanel & WHM only uses this port if you specify it in WHM's Service Manager interface (Home >> Service Configuration >> Service Manager).|
|cPanel & WHM only uses this port if you run a public DNS server.|
|WHM's Manage AutoSSL feature (Home >> SSL/TLS >> Manage AutoSSL) requires outbound access to the |
|cPHulk||This port should only accept connections on the |
|Razor||Razor is a collaborative spam-tracking database. For more information, visit the Razor website.|
|WebDAV||cPanel's Web Disk interface ( Home >> Files >> Web Disk ) uses these ports.|
|CalDAV and CardDAV||cPanel'sinterface ( Home >> Email >> Calendars and Contacts ) uses these ports.|
|CalDAV and CardDAV (SSL)|
You must open this port in order to contact the cPanel license servers.
|APNs||cPanel & WHM only uses this port for Apple Push Notification Service (APNs). For more information, read our How to Set Up iOS Push Notifications documentation.|
|MySQL®||MySQL uses this port for remote database connections.|
|DCC||For more information, read Apache's DCC and NetTestFirewallIssues documentation.|
|Pyzor||For more information, read Apache's Pyzor and NetTestFirewallIssues documentation.|
The following examples explain how to add rules with CSF, APF, and the
- We do not recommend that you use these examples for your personal configurations. Instead, make certain that your firewall rules match the way in which you use cPanel & WHM's services.
- CentOS 7, CloudLinux™ 7, and Red Hat® Enterprise Linux (RHEL) 7 servers have additional requirements. For more information, read the CentOS 7, CloudLinux 7, and RHEL 7 firewall management section below.
ConfigServer provides the free WHM plugin CSF, which allows you to modify your
iptables rules within WHM.
To install CSF, run the following commands as the
To configure CSF, use WHM's ConfigServer & Firewall interface (Home >> Plugins >> ConfigServer & Firewall).
APF acts as a frontend for the
iptables application, and allows you to open or close ports without the use of the
The following example includes two rules to add to the
/etc/apf/conf.apf file to allow HTTP and HTTPS access to your system:
iptables application offers more customization options for your packet filtering rules. This application requires that you understand the TCP/IP stack.
The following example includes
iptables rules for HTTP traffic on port
This example assumes that a DMZ exists on
eth0 for the
192.168.1.1 port, and the
188.8.131.52 broadcast IP address.
iptables, visit the
iptablessite, or run the
man iptablescommand from the command line.
CentOS 7, CloudLinux 7, and RHEL 7 firewall management
Servers that run the CentOS 7, CloudLinux 7, and RHEL 7 operating systems require that you use the
We recommend that you only use the
firewall utilities on CentOS 7, CloudLinux 7, and RHEL 7 servers.
For more information about the
firewall utilities and the
firewalld daemon, read Red Hat's Using Firewalls documentation.
cPanel & WHM version 11.50 and later also includes the
cpanel service, which manages all of the rules in the
/etc/firewalld/services/cpanel.xml file. This allows TCP access for the server's ports.
To add these rules automatically, perform the following steps:
- Run the
yum install firewalldcommand to ensure that your system has
- Run the
systemctl start firewalld.servicecommand to start the
- Run the /
There is no content with the specified labels