[cPanel & WHM] Working with CSF Firewall

Clara - VPS Hosting Team

ConfigServer Firewall (CSF) is a firewall management script that enhances server security and provides an intuitive interface for configuration. Install it via SSH and manage settings through WHM.

Installation:

SSH into your server as root.
Run:

wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Usage:

Access CSF configuration in WHM by searching for "ConfigServer Security & Firewall."
Disable Test Mode after configuration to ensure changes are applied.

Firewall Configuration:

Make sure to disable Test Mode after configuring the firewall. Initially, the Firewall Status will be set to Test Mode, which will be reset periodically by cPanel’s cronjob. To ensure your changes are preserved, disable Test Mode once configuration is complete.

After configuring the firewall, remember to disable Test Mode. By default, the Firewall Status is set to Test Mode and will be reset periodically by cPanel's cronjob. To ensure your changes are saved, switch off Test Mode once you're done with the configuration.

Ports should be separated by commas. Save your changes by clicking the button at the bottom of the page.

Once you save the changes, be sure to restart both CSF and LFD.

If the firewall is active and not in test mode, you will see a message:

Server Security:

Use the security tool to assess protection levels and apply recommended tips.

Manage IP addresses with Quick Allow, Quick Deny, and Quick Unblock options.

To ensure your safety, follow the tips provided on this page. When making changes, be cautious not to disrupt any running applications on the server.

Allow/Deny IP Addresses

Quick Allow: This feature lets you permit an IP address to access all tasks on your server, including any incoming traffic and ports. It essentially acts as a whitelist.

Quick Deny: Use this to block IP addresses. For instance, you can add IPs that have carried out DDoS attacks on your server. This functions as a blacklist.

Quick Unblock: If an IP address was mistakenly blocked, you can use this option to restore access.

Check IPs Against RBLs

This tool scans all IP addresses on your server for listings on public blacklists. Please note that the process may take some time to finish.

We've covered some of the main features of CSF, but there's much more to discover. We encourage you to explore the tool further and customize it to meet your server's specific requirements.