Fix “hosts.deny Blocks WHM Access” Issue Easily
The hosts.deny
file is part of the TCP Wrappers library, which is used to control access to services on Unix-like operating systems. It specifies which hosts are explicitly denied access to services on the server. If your WHM (Web Host Manager) access is being blocked, it could be due to an entry in this file.
How hosts.deny
and hosts.allow
Work
hosts.allow
: This file lists the hosts that are allowed to connect to services on the server. Entries in this file override those inhosts.deny
.hosts.deny
: This file lists the hosts that are denied access to services. If a host matches an entry in this file and is not explicitly allowed inhosts.allow
, it will be blocked.
Entries in these files are typically formatted as:
service: [address list]
For example:
sshd: 192.168.1.1
This entry would deny SSH access from the IP address 192.168.1.1
.
Troubleshooting WHM Access Blocked by hosts.deny
If you are unable to access WHM and suspect it is due to a hosts.deny
configuration, follow these steps:
Step-by-Step Troubleshooting:
- Access the Server via SSH:
- If you have SSH access to your server, log in as the root user or a user with sufficient privileges.
2. Check hosts.deny
Configuration:
- Open the
/etc/hosts.deny
file to check its contents:bash sudo nano /etc/hosts.deny
- Look for any entries that could be blocking access to WHM. WHM typically uses ports 2086 and 2087. For example, an entry like this would block all connections:
ALL: ALL
3. Edit hosts.deny
to Allow Your IP:
- You can temporarily remove or comment out the blocking lines to test access. Add a
#
at the beginning of the line to comment it out. - Alternatively, specify your IP address in
/etc/hosts.allow
to override thehosts.deny
entry.
4. Add Entry in hosts.allow
:
- Open the
/etc/hosts.allow
file:bash sudo nano /etc/hosts.allow
- Add an entry to explicitly allow your IP address. For example:
whostmgrd: your_ip_address
Replaceyour_ip_address
with your actual IP address. You can also specify ranges or hostnames if needed.
5. Verify Service Configuration:
- Ensure that WHM (which runs on the
whostmgrd
service) is specified correctly. - Check if the service is running and listening on the correct ports:
bash sudo netstat -tuln | grep 2086 sudo netstat -tuln | grep 2087
6. Restart Networking or Services:
- After making changes, restart any affected services to apply the new rules. For example:
bash sudo systemctl restart xinetd # or for general networking changes sudo systemctl restart networking
7. Test WHM Access:
- Attempt to access WHM again via your browser using
https://your-server-ip:2087
orhttp://your-server-ip:2086
.
8. Firewall and Security Settings:
- Double-check that no firewall rules are also blocking WHM access. On Google Cloud, ensure the appropriate ports are open in your instance’s network settings.
Example hosts.deny
and hosts.allow
Configuration
/etc/hosts.deny
:
ALL: ALL
/etc/hosts.allow
:
whostmgrd: your_ip_address
In this example:
ALL: ALL
inhosts.deny
denies access from all hosts to all services.whostmgrd: your_ip_address
inhosts.allow
allows your specific IP to access WHM, overriding the deny rule.
Summary
To unblock WHM access:
- Check the
hosts.deny
file for any entries that might be blocking access. - Edit
hosts.allow
to ensure your IP address is explicitly allowed for WHM. - Restart services if necessary and verify your firewall settings.
By carefully managing these files, you can control access to your server while ensuring that necessary services like WHM remain accessible to authorized users.