Uniquely identifying information to restrict specific scripts

Forum Moderators: open

Message Too Old, No Replies

Uniquely identifying information to restrict specific scripts

csdude55

8:18 am on Dec 5, 2020 (gmt 0)

I'm trying to modify my Apache configuration to restrict WHM and cPanel to pre-approved devices. The issue is that my home IP changes daily, so I can't restrict it by IP.

I could restrict it by user agent, like so:

# Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.+Windows NT 10\.0.+Chrome [NC]

but that's a bit loose; literally anyone using Windows 10 and Chrome would be approved.

I also considered writing a separate script that assigns a persistent cookie, but I'm really not sure how much I can rely on browsers to keep a persistent cookie anymore.

So before I go either of those routes, can you suggest any other criteria I might use to restrict it to a pre-approved device?

Key_Master

6:44 pm on Dec 5, 2020 (gmt 0)

Cookies are probably your best option and the way I would handle it (with password authentication). You could modify the browser to send a unique header key for specific domains. There are browser add-ons to make this easier to enable.

phranque

3:47 am on Dec 6, 2020 (gmt 0)

I'm trying to modify my Apache configuration to restrict WHM and cPanel to pre-approved devices.

would HTTP Basic Authentication [httpd.apache.org] work in this application?

graeme_p

1:15 pm on Dec 7, 2020 (gmt 0)

If Cpanel lets you change the IP the CPanel admin listens on, you can change it to 127.0.0.1 and then connect over an ssh tunnel.

You could also close the port cPanel listens on in the firewall instead of changing the IP.