ConfigServer Firewall (CSF) is a Firewall software installed on your server to keep it secure. It provides an advanced and easy to use web-based interface to manage firewall settings. You can also manage your firewall settings/configuration via the Secure Shell (SSH -> https://www.hostpapa.com/knowledgebase/connect-server-via-secure-shell-ssh/).
With this firewall service, you can:
- Control traffic flowing into your server space. Traffic flows in and out through many different connections inside your hosting server. A firewall will close all connections and allow you to selectively open the connections from which you want to receive traffic.
- Prevent DDoS attacks. You don’t want a hacker to install a DDoS tool on your server. A firewall will prevent that from happening by closing outgoing ports, opening only those needed for authorized outgoing traffic.
- Track network connections. A firewall like CFS scans all network connections that pass through it and lets you know which ones made a suspicious number of failed login attempts.
In short, with a firewall, your cPanel account will be protected from malicious tools that try to enter your website through third-party services.
ConfigServer Firewall comes with a child service called Login Failure Daemon (LFD). This service watches the activity of the users configured on the server for excessive login failures. That behavior is commonly seen during brute force attacks.
By default, HostPapa is loading a fully optimized configuration of the CSF and LFD services to the provisioned servers. The configuration can still be tuned/adjusted by you or by the support team (by your request).
CSF (ConfigServer Security and Firewall) is complicated software, and its functionality cannot be covered in a single article. You can check the official documentation for CSF (ConfigServer Security and Firewall) software to learn more about it.
In this article, you will learn the following items:
- How to reach CSF web-based interface
- What kinds of blocks exist
- How to whitelist an IP address
- How to blacklist an IP address
- How to check if an IP address is blocked/whitelisted
- How to remove the block from the IP address
How to reach CSF web-based interface
The CSF can be managed by the ROOT (System Administrator) user only. To access its interface, you need to log in to your server’s WHM control panel as a root user. After that, you can navigate to:
|Home » Plugins » ConfigServer Security & Firewall|
Alternatively, you can use the “search” form on the panel left side. You can type there “configserver” to find it faster:
What kinds of blocks exist
Depending on the situation/activity, the firewall can apply various types of blocks.
- Temporary block. The firewall can apply a temporary block. This block expires in 3600 seconds (60 minutes), i.e., the block is getting removed in an hour.
- Permanent block. When the number of temporary blocks reaches a specific number, the CSF is applying a permanent block. This block doesn’t expire and can be removed only manually.
- Manual block. This block is getting applied manually by the System Administrator/VPS/Dedicated Server owner.
How to whitelist an IP address
To perform the IP address whitelisting, the CSF provides the quick whitelisting option.
This can be done from:
WHM » ConfigServer Security & Firewall » csf – Quick Actions » “Quick Allow”
To allow the IP address, you need to enter it under the “Allow IP address” field, put a note of why the IP address was whitelisted under the “Comment for Allow” field (not required), and click the “Quick Allow” button.
How to blacklist an IP address
There are many possible reasons why you may decide to block the IP address from accessing your server. You can take that action within the same area that’s called “csf – Quick Actions”, i.e., from:
WHM » ConfigServer Security & Firewall » csf – Quick Actions » “Quick Deny”
Within this area, you need to put the IP address that you want to block into the “Block IP address” field, put the comment of why the block was applied (not required), and click on the “Quick Deny” button.
How to check if an IP address is blocked/whitelisted
You can check if the IP address was blocked or whitelisted using the “Search for IP” button from:
WHM » ConfigServer Security & Firewall » csf – ConfigServer Firewall » Search for IP
You would need to put the IP address into the “Search iptables for IP address” field and click on the “Search for IP” button.
How to remove the block from the IP address
While the temporary blocks are expiring in an hour (unless you set another expiration time frame), and to reach the server, you may simply wait an hour until the block expired, you can also manually remove:
To do that, you would need to put the IP address into the “Remove IP address” field and click on the “Quick Unblock” button.
If you found that your own IP address was blocked, and you need to unblock it, you can access the WHM control panel on your server using an alternate IP address.
To establish this, you can share your phone 3G/4G/LTE connection. This action will change the IP address your computer is connecting from and allow you to reach the server. Alternatively, you can establish the VPN/Tunneling connection first to change your IP address and allow you to reach the server.
You can also reach the support team via the ticket/email or using the Live Chat and ask to help you get the IP address unblocked.
Commands to take actions via SSH (Advanced)
Search for the blocks
csf -g 192.168.0.1
Whitelist IP address
csf -a 192.168.0.1 “reason for whitelisting”
csf -ar 192.168.0.1
Remove temporary block
csf -tr 192.168.0.1
Remove permanent block
csf -dr 192.168.0.1
NOTE: The IP address 192.168.0.1 would need to be replaced with an actual IP address.