1

I have a severe problem, my cPanel URLs public, I don't want anyone to know the cPanel configuration URLs because if any user can access it with yourdomain.com/cpanel.

As I have shared hosting, I don't have access to the httpd/root or the server configuration files. I want to know whether I can add some code to the .htaccess file and stop this redirection.

Quill
  • 2,729
  • 1
  • 33
  • 44
  • Hi, welcome to StackOverflow. I think I can see what you are getting at, but why is it such a problem given that they would need a userid and password to actually do anything once they'd reached the URL? I use cpanel for all my web stuff, as do the many other people using the same shared hosting, and my cpanel URL is freely available if anyone wanted to guess it, but my admin userid and password are not. This honestly doesn't keep me awake at night - what am I missing? – MandyShaw Nov 03 '18 at 18:07

2 Answers2

0

I previously had shared hosting, and I discovered that this is not possible in shared hosting, you need to have root access.
I bought a vps hosting and removed it by doing the following:

  1. Copying the Apache 2.4 template for EasyApache 4 to allow for customization using command line/terminal:
cp -a /var/cpanel/templates/apache2_4/ea4_main.default /var/cpanel/templates/apache2_4/ea4_main.local
  1. By editing /var/cpanel/templates/apache2_4/ea4_main.local to change the entries to match your preferences:
vim /var/cpanel/templates/apache2_4/ea4_main.local
  1. For instance, if you wanted to disable the /cpanel alias, you'd remove this line when editing the file:
ScriptAliasMatch ^/?cpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
  1. And then rebuilding the httpd.conf file by using:
/scripts/rebuildhttpdconf
  1. And the last step is to restart by using:
service httpd restart

And your cPanel conf paths will be removed.

-1

If you want to deny access to http://www.example.com/cpanel, do this:

  • In httpd.conf make sure you load mod_rewrite: LoadModule rewrite_module modules/mod_rewrite.so. Since you are on a shared hosting, you may not have access to that, but then it is most probably already loaded.

  • In your .htaccess, add:

    RewriteEngine On
RewriteCond %{QUERY_STRING} "^/cpanel$"
RewriteRule ".*" "-" [F,L]

  • Tag [F] causes the server to return a 403 Forbidden status code to the client (ref: https://httpd.apache.org/docs/2.4/rewrite/flags.html#flag_f)

To ensure the .htaccess directives are taken into account, make sure you add this to the options of the directory where it resides:

AllowOverwride All

Refer to this SO question: How to Set AllowOverride all

Nic3500
  • 8,144
  • 10
  • 29
  • 40
  • I couldn't stop the redirection –  Nov 04 '18 at 04:48
  • What redirection? You wanted to block `/cpanel`, is there something else to do ? – Nic3500 Nov 04 '18 at 17:04
  • It is not blocking it. –  Nov 06 '18 at 04:34
  • This will work if the query is exactly "/cpanel". If you want it to support "/cpanel/SOMETHING", modify the RewriteCond, remove the `$` sign. So it will become `RewriteCond %{QUERY_STRING} "^/cpanel"`. I will also add something to my answer. – Nic3500 Nov 06 '18 at 17:43
  • I want no one to see the cpanel login page. –  Feb 05 '19 at 08:16