The ConfigServer Firewall (CSF) within WebHost Manager (WHM) offers several different ways to block and unblock access to a site, such as whitelisting IPs, blocking/ unblocking IPs, and opening/ closing ports. Whether you need to allow a client’s IP address access after it has been blocked or close a port from malicious activity, the CSF is a powerful tool with which you can help secure your site.
In order to ascertain whether an IP has been blocked (and to unblock the aforementioned IP address,) follow the steps below:
There are two parts to the csf firewall, the firewall itself and the Login Failure Daemon (lfd.) Whitelisting an IP address grants the address access in the csf.allow firewall, and adding an IP address to the Quick Ignore list prevents an IP address from being blocked by the second part of the firewall, the lfd. If the address is still being blocked after whitelisted, it will need to be added to the Quick Ignore list.
Even if an IP address is whitelisted using the method listed below, it can still become blocked by lfd for suspicious behavior such as repeat violations of the modsecurity rules or multiple failed logins. This is done to minimize the risk of possible brute-force attacks that could occur if a computer or device on the same network as a whitelisted IP address becomes compromised or infected with malware.
Follow the steps below to whitelist an IP address in the csf.allow firewall:
A temporary measure that can be taken while trying to resolve the underlying issue is to add the problematic IP address to the ignore list. Adding an IP address to the Quick Ignore list prevents the address from being blocked by the lfd.To add the IP address to the ignore list, follow the steps below:
Just like lfd, the WebHost Manager cPHulk Brute Force Protection module can block IP addresses exhibiting suspicious behavior. This happens independently of the firewall, so it’s a good idea to check cPHulk if the IP address has been whitelisted or unblocked and still cannot gain access.
You might need to open or close a port for various reasons, such as opening a port to allow email to be delivered or close a port that appears to be exhibiting malicious activity. Follow the steps below to open and close ports in the firewall.
If you have any questions regarding configuring CSF, A2 Hosting’s customer support team will be more than happy to assist you.
Subscribe to receive weekly cutting edge tips, strategies, and news you need to grow your web business.
No charge. Unsubscribe anytime.