H3XED

Disable URL Shortcuts to CPANEL, WHM, WEBMAIL on cPanel VPS

Nov 17, 2015   Web Development   Nick Vogt   Comments (1)
Please note that this post is over a year old and may contain outdated information.
Web hosts that run cPanel are usually configured by default to allow you easy access to your cPanel, WHM (Web Host Manager), and Webmail using simple URLs like:

http://www.mydomain.com/cpanel
http://www.mydomain.com/whm
http://www.mydomain.com/webmail

These URLs redirect due to aliases that exist in the Apache configuration (httpd.conf). If you want to remove this behavior and you have root access, there are three ways to go about it:


Method 1: Edit cPanel Template Files


You can edit the template that cPanel uses to build the httpd.conf file. This is my preferred method. Browse to:

/var/cpanel/templates/apache2/
Make a copy of the main.default file and name the copy main.local. The local file overrides the default file. Open the local file in a text editor. You'll see some basic loops and conditional statements in there that are used to build the httpd.conf file. You'll want to comment out the ScriptAliasMatch, Alias, and ScriptAlias like so:

[% FOREACH dir IN main.scriptaliasmatch.items -%]
#ScriptAliasMatch [% dir.regex %] [% dir.path %]
[% END -%]

[% FOREACH dir IN main.alias.items -%]
#Alias [% dir.url %] [% dir.path %]
[% END -%]

[% FOREACH dir IN main.scriptalias.items -%]
#ScriptAlias [% dir.url %] [% dir.path %]
[% END -%]

Or you can remove those sections entirely.

Once your changes are saved, be sure to rebuild the httpd.conf file and then restart Apache.


Method 2: Edit cPanel Configuration File


You can edit the configuration file that cPanel uses when it builds the httpd.conf file. Browse to:

/var/cpanel/conf/apache/
Make a backup copy of the main file and then open it in a text editor. If you scroll down you'll find the items for each redirect under the alias, scriptaliasmatch, and scriptalias sections. You can remove them as needed or change them.

You can also create a local file override (or edit it if it already exists).

Once your changes are saved, be sure to rebuild the httpd.conf file and then restart Apache.


Method 3: Edit httpd.conf Directly


You can edit the httpd.conf file directly, which will be most familiar for those that have set up Apache servers before but not used cPanel. The main downside to this method is that your edits will be overwritten the next time the Apache httpd.conf file is rebuilt, and there may be other situations where you'll lose your changes as well. You can use apache_conf_distiller to have the changes saved for future rebuilds, but I will not go into that here.

To make the changes using this method, browse to your configuration file at:

/usr/local/apache/conf/httpd.conf
Make a backup copy before you make any edits, and then open it up in a text editor. You'll want to comment out any reference to ScriptAliasMatch, Alias, or ScriptAlias that you do not want to function anymore, or remove them. Once your changes are saved, be sure to restart Apache.
Share This Post
Twitter
Browser Servers
Server Computers
Server Computers
See More Details
Web Server Books
Web Server Books
See More Details

Comments (1)

Kevin Brackley   Aug 02, 2016
Thank you for the post...I found this page from a google search, couldn't find it on cPanel's own site (go figure). I did find that with EasyApache4 (now out of beta) I had to edit the file ea_main.default and then comment out the ScriptAliasMatch ^/?cpanel/?$ etc. lines from there. Then when the httpd.conf is rebuilt, they are commented out in the /etc/apache2/conf/httpd.conf file. Didn't know if this would help others or not at some point in time.
Share This Post
Twitter
Browser Servers
Server Computers
Server Computers
See More Details
Web Server Books
Web Server Books
See More Details
H3XED © Nick Vogt   RSS   Policies   Twitter