Security
Firewall
The integrated Firewall in CloudPanel is based on UFW, also known as Uncomplicated Firewall.
Developed to ease iptables firewall configuration, ufw provides a user-friendly way to create an IPv4 or IPv6 host-based firewall.
CloudPanel is being shipped with pre-configured rules to achieve higher security.
Recommendation
For higher security, whitelist the SSH Port (22) for your IPs only. The CloudPanel Port (8443) should only be whitelisted if you have a static ip.
![Pre-Configured UFW rules](/docs/v2/img/admin-area/security/firewall/pre-configured-rules.png?v=0.0.2)
Adding a Rule
To add a new Rule, click on the button Add Rule.
Select the Type, enter the Port Range, Source, and Description (optional) and click on Add Rule to apply the firewall rule.
![Add Rule](/docs/v2/img/admin-area/security/firewall/add-rule.png?v=0.0.2)
Editing a Rule
- Click on the Rule you want to edit.
![Edit Rule](/docs/v2/img/admin-area/security/firewall/edit-rule.png?v=0.0.2)
- Edit the Firewall Rule and click on the button Save.
![Edit Rule Form](/docs/v2/img/admin-area/security/firewall/edit-rule-form.png?v=0.0.2)
Deleting a Rule
- Select the Rule you want to remove and click on Delete.
![Delete Rule](/docs/v2/img/admin-area/security/firewall/delete-rule.png?v=0.0.2)
Basic Auth
If you don't have a static ip to close port 8443, a Basic Auth in front of CloudPanel is recommended to restrict the access.
Enable Basic Auth
Via Web Interface
To enable Basic Auth, click in the left menu on Security and then on the tab Basic Auth.
Enter a User Name and Password and click on Save to enable basic auth.
![Enable Basic Auth](/docs/v2/img/admin-area/security/basic-auth/enable.png?v=0.0.2)
Via Command Line (CLI)
To enable Basic Auth via the command line, log in via SSH and execute the following command as the root user.
clpctl cloudpanel:enable:basic-auth --userName='john.doe' --password='password123'
Disable Basic Auth
Via Web Interface
To disable Basic Auth, click in the left menu on Security and then on the tab Basic Auth.
![Disable Basic Auth](/docs/v2/img/admin-area/security/basic-auth/disable.png?v=0.0.2)
Via Command Line (CLI)
To disable Basic Auth via the command line, log in via SSH and execute the following command as the root user.
clpctl cloudpanel:disable:basic-auth