Cloud Linux, Control Panel, CPanel / WHM

How to fix Cpanel Server shared IP address show customer site?

On a Cpanel Server, when you visit a shared IP address used by multiple websites, you will see the website of the first VirtualHost entry. This is not good when you have multiple customer websites as your other customers may visit the IP and see the site associated with the first VirtualHost entry and complain about this. I had customers reporting that their site is hacked when this happened to them.

The solution is to add a VirtualHost entry for the IP address. So when visitors use IP address, that VirtualHost shows up.

On Cpanel Server, you can do this by editing

vi /etc/apache2/conf.d/includes/pre_virtualhost_global.conf
<VirtualHost YOUR_SERVER_IP_HERE:80>
DocumentRoot /var/www/html
</VirtualHost>

<VirtualHost YOUR_SERVER_IP_HERE:443>
DocumentRoot /var/www/html
<IfModule suphp_module>
suPHP_UserGroup nobody nobody
</IfModule>
<Directory "/var/www/html">
AllowOverride All
</Directory>
<IfModule ssl_module>
SSLEngine on

SSLCertificateFile /var/cpanel/ssl/cpanel/cpanel.pem
SSLCertificateKeyFile /var/cpanel/ssl/cpanel/cpanel.pem
SSLCertificateChainFile /var/cpanel/ssl/cpanel/cpanel.pem
SSLUseStapling Off

</IfModule>
<IfModule security2_module>
SecRuleEngine On
</IfModule>
</VirtualHost>

In the above code, replace YOUR_SERVER_IP_HERE with your actual server IP address. If you have multiple IP addresses, repeat the code above for each of your IP addresses.

Now restart Apache

systemctl restart httpd