Get Virtualizor

Securing Virtualizor Panel

Overview

This guide will help to use available options to secure the Virtualizor panel.

Admin panel login

secure-login
  • Go to Admin panel -> Configuration -> Master Settings -> Security settings
    Max Login Attempts for Admin panel can be set there.
    Failed Login Ban Time will apply once the login attempts are exhausted.

  • Enable LDAP Authentication will help to authenticate with your external LDAP server while logging to Admin panel.
  • Two factor authentication can also be used for Root or Admin from left menu with Email or Apps like Google Authenticator .
    For Enduser this guide can be used :
    https://www.virtualizor.com/docs/admin/enable-disable-two-factor-authentication/
secure-2fa

restrict panel access

secure-ip
  • Go to Admin panel -> Configuration -> Master Settings -> Security settings
  • Allowed IP list to Access PanelAdd your IPs (comma separated if many) and save settings.
    Now you will be able to access Virtualizor panel from the specified IPs ONLY.
  • The same applies to 'Allowed IP list to restrict API operations', only the specified IPs will be able to make an API call.
  • Disable Server Web Terminal option will disable the terminal option from left menu and list servers page.

Using Domain 

  • You can use Admin panel over a domain with SSL installed and use Enduser panel with another domain and it can have proxy enabled. (viz, Cloudflare)
    Using Enduser panel over a proxied domain will require making Enduser panel available over standard web ports :
    https://www.virtualizor.com/docs/admin/standard-web-ports/
    This will also ensure not revealing server's IP address.
    You can also enable 'Hide VNC details' option in Configuration->Master settings so that it does not reveals the server's IP where the VPS exists.

Firewall

secure-firewall

    Was this page helpful?
    Newsletter Subscription
    Subscribing you to the mailing list