The ConfigServer Security and Firewall (CSF) within WebHost Manager (WHM) offers several different ways to block and unblock access to a site, including:
Whether you need to unblock a client’s IP address after it has been blocked, or close a port to prevent malicious activity, the CSF is a powerful tool for helping secure your site.
To determine whether an IP address has been blocked (and to unblock it), follow these steps:
There are two parts to the CSF firewall: the firewall itself and the Login Failure Daemon (LFD). Whitelisting an IP address grants the address access in the csf.allow firewall, and adding an IP address to the Quick Ignore list prevents an IP address from being blocked by the LFD. (If an IP address is still blocked after whitelisting, you must add it to the Quick Ignore list.)
Even if you whitelist an IP address using the method listed below, the LFD can still block it for suspicious behavior such as repeat violations of ModSecurity rules or multiple failed logins. This is done to minimize the risk of brute-force attacks that could occur if a computer or device on the same network as a whitelisted IP address becomes compromised or infected with malware.
To whitelist an IP address in the csf.allow firewall, follow these steps:
In the Allow IP address text box, type the IP address. There is an optional text box below where you can type a comment for why the IP address was whitelisted:
Click Quick Allow.
A temporary measure that you can take while trying to resolve the underlying issue is to add a problematic IP address to the ignore list. Adding an IP address to the Quick Ignore list prevents LDF from blocking the address. To add an IP address to the ignore list, follow these steps:
In the Ignore IP address text box, type the IP address:
As with LFD, the WebHost Manager cPHulk Brute Force Protection module can block IP addresses exhibiting suspicious behavior. This happens independently of the firewall, so it is a good idea to check cPHulk if you have whitelisted or unblocked an IP address and it still cannot gain access.
To check cPHulk, follow these steps:
To remove a block, select the blocked entry and then click Remove Blocks and Clear Reports.
You might need to open or close a port for various reasons. For example:
To open or close ports in the firewall, follow these steps:
Under csf - ConfigServer Firewall, click Firewall Configuration:
Scroll down to the IPv4 Port Settings section. In this section are the following options:
For more information about CSF, please visit https://configserver.com/cp/csf.html.
Subscribe to receive weekly cutting edge tips, strategies, and news you need to grow your web business.
No charge. Unsubscribe anytime.