Note: Should you find no such listing in WHM, feel free to request an upgrade from the APF firewall when contacting support. There is no charge, it typically takes only a few minutes and the only service that needs to be restarted as a result is the firewall itself. Our support technicians also can port your existing APF rules to CSF. If requesting an upgrade, please be sure to indicate whether your server uses the Guardian backup service so that its rules also can be configured.
Unblocking an IP Address in CSF
To determine whether an IP address is blocked, you can use the Search for IP button on the ConfigServer Security & Firewall page. Simply enter the IP address into the search field and click the button. If the IP address is blocked, the reason for the block will be listed and an unlocked padlock icon will appear to the right of the blocked IP address. Clicking the padlock icon will unblock the IP in the firewall.
Allowing (Whitelisting) an IP Address
It is important to note that there are two components to the csf firewall, the firewall itself and the Login Failure Daemon (lfd). To whitelist an IP address in the firewall (csf.allow), you can enter the IP address into the Quick Allow section, along with an optional comment for the allow (such as “Office network”), and click the Quick Allow button. When an IP address is whitelisted in CSF, it still can become blocked by lfd for abusive behavior such as multiple failed logins or repeated violation of certain ModSecurity rules. This helps to mitigate the sort of brute-force attacks that could occur should a computer or device on the same network as a whitelisted IP address become compromised or infected with malware. It is recommended to whitelist IPs only as necessary and, for a long-term solution, focus on resolving the issue which led to the block (such as incorrect login credentials).
However, as a temporary measure while troubleshooting or otherwise working to correct the underlying issue, you can prevent an IP address from being blocked by lfd by adding it to the ignore list (csf.ignore). That can be done using the Quick Ignore button on the ConfigServer Security & Firewall page.
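The difference between the allow list and the ignore list described above can be checked offline. The following Python sketch is an added example, not ConfigServer's or this knowledge base's own code: it classifies an address against the contents of the allow, ignore and deny lists. The sample file contents, the classify helper and the use of csf.deny as the block list are assumptions for illustration, and only plain IP and CIDR entries are handled.

```python
import ipaddress

# Constructed sample file contents (documentation address ranges, not real hosts).
CSF_ALLOW = """\
203.0.113.10 # Office network
198.51.100.0/24 # VPN range
"""
CSF_IGNORE = """\
127.0.0.1
203.0.113.10
"""
CSF_DENY = """\
192.0.2.99 # lfd: (sshd) Failed SSH login from 192.0.2.99: 5 in the last 3600 secs
"""

def parse_entries(text):
    """Return (network, comment) pairs for plain IP/CIDR lines; skip the rest."""
    entries = []
    for line in text.splitlines():
        addr, _, comment = line.partition("#")
        addr = addr.strip()
        if not addr:
            continue  # blank line or comment-only line
        try:
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError:
            continue  # not a plain IP/CIDR entry: out of scope for this sketch
        entries.append((net, comment.strip()))
    return entries

def match(ip, entries):
    """Return the comment (or the network) of the first entry covering ip."""
    addr = ipaddress.ip_address(ip)
    for net, comment in entries:
        if addr.version == net.version and addr in net:
            return comment or str(net)
    return None

def classify(ip, allow=CSF_ALLOW, ignore=CSF_IGNORE, deny=CSF_DENY):
    """Summarise where ip stands across the three lists."""
    reason = match(ip, parse_entries(deny))
    if reason is not None:
        return "blocked: " + reason
    allowed = match(ip, parse_entries(allow)) is not None
    ignored = match(ip, parse_entries(ignore)) is not None
    if allowed:
        return "allowed, exempt from lfd" if ignored else "allowed, still subject to lfd"
    return "exempt from lfd only" if ignored else "no entry"
```

An address that comes back as "allowed, still subject to lfd" is the case the paragraph above warns about: it passes the firewall but can still be blocked after repeated failed logins.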
Blocked IP? Don’t Forget to Check cPHulk
WebHost Manager also includes the cPHulk Brute Force Protection module which, like the Login Failure Daemon component of the ConfigServer firewall, can block IP addresses (independently of the firewall) when they have repeated failed login attempts. If you’re trying to unblock an IP address but no block is to be found in the firewall, you will want to check cPHulk as well. In WHM, you’ll find cPHulk Brute Force Protection listed under the Security Center section of the left menu. On cPHulk’s History Reports tab, you can search for failed logins, blocked users, blocked IP addresses, or one-day blocks. Removing a block is as easy as clicking the Remove Blocks and Clear Reports button. You also can whitelist IP addresses, with an optional comment, under the Whitelist Management tab. Please be aware that whitelisting an IP address here means that the IP address always will be able to attempt to log into the server. That could potentially present a security risk in the event that a computer or device on the same local network as the whitelisted IP becomes compromised or infected and uses brute force to try to gain protected access. For this reason, IP address whitelisting in cPHulk should be used sparingly and with caution.
On the ConfigServer Security & Firewall page in WebHost Manager, click on the Firewall Configuration button to enter advanced settings. On the Firewall Configuration screen, scroll down to the IPv4 Port Settings section, and locate the Allow incoming TCP ports and Allow outgoing TCP ports sections. You will need to add the necessary port to the appropriate list (or remove a listed port to block it), then scroll all the way to the bottom of the page and click the Change button to save your settings and restart the firewall.
Port Still Unreachable? Check Your Storm® Firewall
If you have a Storm® server, you have access to an additional firewall which can be accessed via your Manage interface by clicking on your server’s dashboard. You’ll find your Storm® Firewall settings under the Network section, on the Firewall tab. If you’ve enabled it with advanced settings, you will want to ensure you’ve opened the port there as well. To open a port when using the Advanced Firewall Configuration, click the Add Rule link, give it a Label and set the Destination Port, Protocol, and Action, then click the green button. Repeat for any additional ports you’re opening (or closing) and then click the Apply Firewall Settings button to apply the settings and restart the firewall.
Find Detailed Information in Our Knowledge Base
- Learn how to manage IP address blocks from the command line via SSH:
- For general information on APF, see APF Firewall.
- And to learn how to open (and close) ports in either firewall, check out Opening Ports in Your Firewall.
- To learn more about the Storm® Firewall, visit How to Configure a Storm® Firewall.