vbIce
07-16-2004, 10:08 PM
OK, I want to set up an account with its own dedicated IP. The trick is that I do NOT want any OTHER account viewable through this IP using the TILDE either. I also do NOT want the account that is set up on its own dedicated IP to be viewable by using either the server domain name PLUS the TILDE or by using another IP on the server then using the TILDE.
(Yes, I have the right security settings in WHM about the domain TILDE)
Really, this is following along with my previous question about APF and PASV FTP troubles, just finding another way to get done what I want.
I want to set up 1 account that I can run as if it is in itself on its OWN dedicated server, i.e. having its own firewall rules, iptables etc. that ONLY affect this IP address and no other IP on the server.
Anyone got any wise ideas?
BTW, I am running cPanel/WHM, RDH9, with APF
sprintserve
07-17-2004, 12:22 AM
In WHM, you can enable the Mod_userdir protection. That basically does what you want, disabling the ability to access other user sites.
If you know your IPtables, it's perfectly possible to set up rules applying to only one IP, and if your site is on a dedicated IP, that would be a non-issue.
vbIce
07-17-2004, 10:37 AM
Mod_userdir protection ONLY works when using the domain NAME itself, i.e. http://www.webhostingtalk.com/~account/
It does NOT prevent anyone from using IPADDIE/~account/
So if you have 10 IPs then the /~account/ can be placed in FRONT of every IP that is NOT dedicated and you can view that account.
Your comment about the IPtables is off too, sorry to say :(
IPtables are NOT the solve-all here either for me; they help but still do NOT answer the question of securing the server right.
Guys, look, this question goes hand in hand with the APF and PASV question I made earlier; I was just thinking this could be a workaround for me.
Let me explain more in depth.....
I have 10 IPs. I want to dedicate 1 IP to 1 account only.
I do NOT want that account to be pulled up on ANY other IP should someone ever figure out the account name.
I want to be able to OPEN Ports higher up that are ONLY open on this IP not on any other IP on my machine.
I want to be able to DENY all IPs in the WORLD EXCEPT 200 from even REACHING that IP ever.
(I am pretty sure I have the IP banning/allow sorted out FINE done that a 1,000 times)
So the question really is making 1 IP as if it is in itself a private server etc., where I can apply rules that ONLY affect that IP and NOT the rest of the IPs on my machine. In a nutshell, I want to completely isolate 1 IP so it has its own complete set of rules etc. The account I am placing here will NOT have a domain name associated with it; it is an IP-only account. What I want is the tightest security I can get on that account.
One of the main issues is that I need, say, ports 2500 through 5500 open for the FTP server running there while NOT having those ports open on the other IPs on the same machine. Not sure this is even possible, but that is what I would LOVE to happen. Can you run more than one APF at a time that governs different areas? I cannot think of a way to do it, so again asking here if anyone ever tried something similar to this.
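
As an added example that is not part of any post in this thread: a shell script that prints, without applying, iptables rules scoped to one dedicated IP with -d, so the 2500 through 5500 passive range and the source allowlist affect only that address. The address 192.0.2.10, the two allowed sources and the chain name DEDICATED_IN are constructed placeholders.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules for one dedicated IP.
# Addresses are constructed documentation values; the chain name is hypothetical.
DEDICATED_IP="192.0.2.10"
PASV_RANGE="2500:5500"      # passive FTP range mentioned in the thread
CHAIN="DEDICATED_IN"

# Succeeds only for a dotted quad with four octets in 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# $1 = dedicated IP, $2 = port range, remaining args = allowed sources.
gen_rules() {
    ip=$1; range=$2
    valid_ipv4 "$ip" || { echo "bad dedicated IP: $ip" >&2; return 1; }
    shift 2
    echo "iptables -N $CHAIN"
    # Only packets addressed to the dedicated IP are sent into the chain,
    # so nothing below changes what the server's other IPs accept.
    echo "iptables -I INPUT -d $ip -j $CHAIN"
    echo "iptables -A $CHAIN -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for src in "$@"; do
        echo "iptables -A $CHAIN -s $src -p tcp --dport 21 -j ACCEPT"
        echo "iptables -A $CHAIN -s $src -p tcp --dport $range -j ACCEPT"
    done
    # Everything else aimed at this IP is dropped before later INPUT rules.
    echo "iptables -A $CHAIN -j DROP"
}

gen_rules "$DEDICATED_IP" "$PASV_RANGE" 198.51.100.7 203.0.113.0/24
```

Pipe the output to sh as root to apply it. If a firewall script such as APF rebuilds the INPUT chain when it restarts, the rules have to be re-applied afterwards.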