How to Manage and Secure the CSF Firewall

The ConfigServer Firewall (CSF) within WebHost Manager (WHM) offers several different ways to block and unblock access to a site, such as whitelisting IPs, blocking/ unblocking IPs, and opening/ closing ports. Whether you need to allow a client’s IP address access after it has been blocked or close a port from malicious activity, the CSF is a powerful tool with which you can help secure your site. 

Please note that only users with root access can access the firewall.

How to Unblock an IP

In order to ascertain whether an IP has been blocked (and to unblock the aforementioned IP address,)  follow the steps below:

  1. Login to WHM.
  2. Click ConfigServer Security & Firewall under Plugins within the left-hand side panel.

    ConfigServer Security and Firewall placement in the left-side panel

  3. Enter the IP address into the Search iptables for IP address text field, and then click Search for IP.
  4. If the IP address is blocked, it will appear in the search results. The reason for the block will be listed. To unblock the IP address click the padlock icon to the right of the IP address.

Granting IPs Access

There are two parts to the csf firewall, the firewall itself and the Login Failure Daemon (lfd.) Whitelisting an IP address grants the address access in the csf.allow firewall, and adding an IP address to the Quick Ignore list prevents an IP address from being blocked by the second part of the firewall, the lfd. If the address is still being blocked after whitelisted, it will need to be added to the Quick Ignore list. 

Even if an IP address is whitelisted using the method listed below, it can still become blocked by lfd for suspicious behavior such as repeat violations of the modsecurity rules or multiple failed logins. This is done to minimize the risk of possible brute-force attacks that could occur if a computer or device on the same network as a whitelisted IP address becomes compromised or infected with malware.

Whitelisting IPs

Follow the steps below to whitelist an IP address in the csf.allow firewall:

  1. Locate the Quick Allow section under csf - Quick Actions
  2. Enter the IP Address in the green text field. There is an optional blank text field below it where you can enter a comment for why the IP address was whitelisted. 
  3. Click Quick Allow.
    Quick Allow
IP addresses should only be granted access as necessary due to the inherent security risks involved. The best security practice is to resolve the issue which led to the IP address being blocked.
Utilizing Quick Ignore

A temporary measure that can be taken while trying to resolve the underlying issue is to add the problematic IP address to the ignore list. Adding an IP address to the Quick Ignore list prevents the address from being blocked by the lfd.To add the IP address to the ignore list, follow the steps below:

  1. Locate the Quick Ignore section under csf - Quick Actions
  2. Enter the IP address in the blue text field. 
  3. Click Quick Ignore.
    Quick Ignore

Checking cPHulk

Just like lfd, the WebHost Manager cPHulk Brute Force Protection module can block IP addresses exhibiting suspicious behavior. This happens independently of the firewall, so it’s a good idea to check cPHulk if the IP address has been whitelisted or unblocked and still cannot gain access.

  1. Locate and click cPHulk Brute Force Protection under Security Center within WHM’s left panel.
    Location of cPHulk
  2. Click the History Reports tab. This area allows you to search for blocked IP addresses, blocked users, one-day blocks, or failed logins.
  3. Remove any blocks by selecting the blocked entry and then clicking Remove Blocks and Clear Reports button.Removing blocked entries

Opening and Closing Ports

You might need to open or close a port for various reasons, such as opening a port to allow email to be delivered or close a port that appears to be exhibiting malicious activity. Follow the steps below to open and close ports in the firewall.

  1. Head to the ConfigServer Security & Firewall page.
  2. Click on Firewall Configuration, which can be found in the csf - ConfigServer Firewall section.
    Opening and Closing Ports
  3. Once you are in the Firewall Configuration page, scroll down to the IPv4 Port Settings section which has the Allow incoming TCP ports and Allow outgoing TCP ports fields.
    • To open a port within the firewall, add it to the appropriate field.
    • To remove a port within the firewall, delete it from the appropriate field.
  4. After making the appropriate changes, scroll down to the bottom of the page, and click Change. This will save your changes and restart the firewall.

Any Questions?

If you have any questions regarding configuring CSF, A2 Hosting’s customer support team will be more than happy to assist you. 

Article Details

  • Operating System: Linux Hosting
  • Control Panel: cPanel
  • Product: Unmanaged VPS Core VPS
  • Level: Intermediate

Related Articles

Show More

Did you find this article helpful? Then you'll love our support. Experience the A2 Hosting difference today and get a pre-secured, pre-optimized website. Check out our web hosting plans today.