After installing an SSL certificate through cPanel, many administrators find their previously working IP blocking configuration stops functioning. The issue stems from how Apache processes VirtualHost directives when SSL/TLS enters the picture.
<VirtualHost 192.168.1.1:80>
ServerName 192.168.1.1
Redirect 403 /
ErrorDocument 403 "Direct IP access forbidden"
DocumentRoot /usr/local/apache/htdocs
</VirtualHost>
This configuration worked for HTTP traffic, but HTTPS needs its own handling: the SSL/TLS handshake, including certificate selection, completes before Apache processes any redirect, so a VirtualHost bound only to port 80 never sees the HTTPS request.
The core issue is that when Apache receives an HTTPS request to your IP address:
- SSL handshake occurs first (before any VirtualHost processing)
- Apache looks for a matching SSL VirtualHost for the IP
- If none exists, it falls back to the default VirtualHost
Here's the corrected configuration that handles both HTTP and HTTPS IP blocking:
# HTTP IP blocking
<VirtualHost 192.168.1.1:80>
ServerName 192.168.1.1
Redirect 403 /
ErrorDocument 403 "Direct IP access not allowed"
DocumentRoot /usr/local/apache/htdocs
</VirtualHost>
# HTTPS IP blocking
<VirtualHost 192.168.1.1:443>
ServerName 192.168.1.1
SSLEngine on
SSLCertificateFile /path/to/cert.pem
SSLCertificateKeyFile /path/to/key.pem
Redirect 403 /
ErrorDocument 403 "Direct IP access not allowed"
DocumentRoot /usr/local/apache/htdocs
</VirtualHost>
- You must specify SSL certificates for the IP-blocking VirtualHost
- The DocumentRoot should point to a minimal directory
- Test with curl -vk https://your.server.ip and curl -v http://your.server.ip
- For cPanel servers, place this in /etc/apache2/conf.d/includes/post_virtualhost_global.conf
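An added example, not part of the original article: a small Python check that parses Apache config text and reports whether the server IP has a 403 VirtualHost on both port 80 and port 443, which is the gap described above. The function names and sample configs are constructed for illustration; it only reads the `<VirtualHost>` blocks in the text it is given and does not follow Include directives.

```python
import re

# Constructed sample: the pre-SSL setup, where only port 80 is blocked.
SAMPLE_HTTP_ONLY = """
<VirtualHost 192.168.1.1:80>
ServerName 192.168.1.1
Redirect 403 /
</VirtualHost>
"""

# Constructed sample: an HTTPS block added without certificate directives.
SAMPLE_NO_CERT = SAMPLE_HTTP_ONLY + """
<VirtualHost 192.168.1.1:443>
ServerName 192.168.1.1
SSLEngine on
Redirect 403 /
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)


def parse_vhosts(conf):
    """Yield (set of 'addr:port' strings, {directive: [args]}) per block."""
    for addrs, body in VHOST_RE.findall(conf):
        directives = {}
        for line in body.splitlines():
            tokens = line.split()
            if tokens and not tokens[0].startswith("#"):
                directives.setdefault(tokens[0].lower(), []).append(" ".join(tokens[1:]))
        yield set(addrs.split()), directives


def audit_ip_block(conf, ip):
    """Return a list of problems with direct-IP blocking on ports 80 and 443."""
    problems = []
    for port in ("80", "443"):
        blocks = [d for a, d in parse_vhosts(conf) if f"{ip}:{port}" in a]
        blocking = [d for d in blocks if "403 /" in d.get("redirect", [])]
        if not blocking:
            problems.append(f"no 403 VirtualHost for {ip}:{port}")
        elif port == "443":
            d = blocking[0]
            if [v.lower() for v in d.get("sslengine", [])] != ["on"]:
                problems.append("443 block lacks 'SSLEngine on'")
            if "sslcertificatefile" not in d:
                problems.append("443 block lacks SSLCertificateFile")
    return problems
```

Run it over the file that holds your IP-blocking VirtualHosts; an empty list means both ports are covered and the HTTPS block carries its certificate directives.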
If you prefer the .htaccess method (though the VirtualHost approach is more reliable):
RewriteEngine On
RewriteCond %{HTTP_HOST} !^yourdomain\.com$ [NC]
RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com$ [NC]
RewriteRule ^ - [F,L]
After installing an SSL certificate through cPanel, my previous solution for blocking direct IP access stopped working. Here's what was happening:
<VirtualHost 192.168.1.1:80>
ServerName 192.168.1.1
Redirect 403 /
ErrorDocument 403 "Direct IP access not allowed"
DocumentRoot /usr/local/apache/htdocs
</VirtualHost>
The SSL installation modified Apache's configuration in ways that aren't immediately obvious. The key issues are:
- SSL creates separate virtual host contexts
- Modern cPanel installations use include files that may override your custom configs
- The IP-based virtual host needs to handle both HTTP and HTTPS
Here's the working configuration that handles both HTTP and HTTPS IP access blocking:
# HTTP block
<VirtualHost 192.168.1.1:80>
ServerName 192.168.1.1
Redirect 403 /
ErrorDocument 403 "Direct IP access not allowed"
DocumentRoot /usr/local/apache/htdocs
</VirtualHost>
# HTTPS block - crucial addition
<VirtualHost 192.168.1.1:443>
ServerName 192.168.1.1
SSLEngine on
# Your SSL certificate directives here
Redirect 403 /
ErrorDocument 403 "Direct IP access not allowed"
DocumentRoot /usr/local/apache/htdocs
</VirtualHost>
If you prefer using .htaccess instead of virtual hosts, this will work:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^\d+\.\d+\.\d+\.\d+$
RewriteRule ^(.*)$ - [F,L]
- After making changes, always test with:
apachectl configtest
- In cPanel environments, consider placing configs in
/usr/local/apache/conf/includes/
- If you use Cloudflare or another CDN, you may need to adjust for their IPs
If it's still not working:
- Check if cPanel has generated conflicting configs in
/usr/local/apache/conf/userdata/
- Verify that your custom config files are being included in httpd.conf
- Check Apache error logs:
tail -f /usr/local/apache/logs/error_log