How To Unblock Your IP Address in Manage

Liquid Web has introduced a new feature designed to simplify the removal of errant IP address blocks in the firewall, and allow customers to quickly remove their own address from within their Manage dashboard. In this manner, customers can remove blocks on their IP addresses even when they are unable to access WebHost Manager itself due to the block.

Pre-Flight Check

  • The cPanel Quick IP Address Unblock feature is designed for servers using the ConfigServer Firewall (CSF).
  • The feature does not apply to any server utilizing a different firewall.
  • You must have access to your Manage dashboard to use the IP delist feature.
    Note: Customers with Dedicated, Storm, or VPS servers which are not currently using the CSF firewall can request an upgrade from support to take advantage of this Manage feature. There is no charge, it typically takes only a few minutes and the only service that needs to be restarted as a result is the firewall itself. Our support technicians also can port your existing APF rules to CSF. If requesting an upgrade, please be sure to indicate whether your server uses the Guardian backup service so that its rules also can be configured.

Step #1: Log into Your Manage Interface

  1. In Manage, click on the [+] next to your server’s hostname to expand its details.
  2. Now click on the Dashboard button to open the Server Dashboard.

Step #2: Unblock the IP Address

  1. Click on the Network tab to bring up the Networking pane.
  2. You will see your current IP address, as reported by your web browser, pre-populated in the cPanel Quick IP Address Unblock field. If you wish to unblock a different IP address, simply replace the address shown in the field with the IP address you wish to unblock.
    If you’re attempting to unblock the IP address of a client, developer, or other party who does not know their public IPv4 address, you can direct them to http://ip.liquidweb.com to obtain their address for you.
  3. Click the Unblock IP button to attempt to automatically remove the IP address in the CSF firewall.

  4. The Unblock IP button will change to Working… while it attempts to delist the IP address. Once the process completes, you should see a banner indicating whether the delisting was successful.

Step #3: I Got Blocked Again. Why?

There are many reasons why an IP address can be blocked in the firewall, but the two most common are:

  • The use of an incorrect username or password combination when connecting to the server or a service such as email, FTP, SSH, or cPanel/WHM
  • A mod_security rule violation

If you are unable to determine the cause for the block, feel free to contact Heroic Support®. You also may wish to consult the following Knowledge Base articles: Unblocking an IP Address or Opening a Port in the Firewall and How to Manage the CSF Firewall in WHM/cPanel.
 
 

Basic DoS/DDoS Mitigation with the CSF Firewall

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are common threats that every publicly accessible web server faces. The purpose of such attacks, in simplest terms, is to flood a server with connections, overloading it and preventing it from accepting legitimate traffic.

Attacks increasingly have become automated instead of directly targeted and botnets (networks of infected computers that can be remotely controlled) continue to grow at a rapid pace, making DoS and DDoS attacks much more common.

Fortunately, CSF can be used to help mitigate small attacks.

Before proceeding, it is important to understand the following points:

  1. There is no way to prevent a DoS/DDoS attack against any server connected to the Internet; once in progress, the only thing that can be done is to try to mitigate its effects.
  2. There is no way to make a server respond normally when it is under attack; the most that can be done is to try to keep it online during the attack by reducing the impact of the incoming traffic.
  3. In some cases, the best way to deal with a large-volume attack is to null-route the server’s IP address. Effectively, that means temporarily taking it offline until the incoming traffic subsides.
  4. Any measures employed within CSF will be effective only against small attacks, and measures should be implemented in CSF only while the server is under attack. The firewall settings always should be restored afterward to minimize disruption of legitimate traffic, as the measures outlined below will slow incoming packets.
  5. CSF is not the only way to mitigate small-scale attacks. Services such as those offered by CloudFlare’s network also may help because they are external, buffering traffic to the server. And for maximum protection against large attacks (millions of incoming packets per second), a specialized DoS mitigation service may be necessary. You can read more about such protection at https://www.liquidweb.com/services/network/ddos.html.

Pre-Flight Check

  • This series assumes you have the ConfigServer Firewall (CSF) installed on your cPanel server, and you have access to WebHost Manager (WHM).
  • If your managed cPanel server currently uses APF but you’d prefer CSF, contact Heroic Support® and request a switch. There is no charge, it typically takes only a few minutes, and the only service that needs to be restarted as a result is the firewall itself. Our support technicians also can port your existing APF rules to CSF. If requesting an upgrade, please be sure to indicate whether your server uses the Guardian backup service so that its rules also can be configured.

If you have not already done so, be sure to first back up the current firewall configuration (Part One: How to Back up and Restore the Firewall Configuration) before making any changes. After the attack has subsided, you will want to restore the current firewall configuration using the instructions in that article.

Step #1: Open the Firewall Configuration

  1. In WebHost Manager, locate and select ConfigServer Security & Firewall under the Plugins section in the left menu. You also can begin typing “fire” into the search field at the top left to narrow down the options.
  2. Click on the Firewall Configuration button to open the configuration file.

Step #2: Rate Limit Incoming Traffic

The first thing that can be done to mitigate the effects of an incoming attack is to limit the number of connections per IP address.

When properly configured, CSF will track the number of connections from each IP address hitting the server and block IP addresses at the firewall level should they exceed a defined limit.

It’s important not to set the limit too low, as protocols such as FTP, IMAP, and even HTTP all legitimately make multiple connections. Also, remember that most companies as well as homes and public hotspots may have many different computers on their internal network which all share a single public IP address.

  1. To set the limit on connections per IP address, scroll down to the Connection Tracking section of the Firewall Configuration page and set CT_LIMIT to the desired value.
    For the purposes of this tutorial, we’ll be using 150 connections per IP address as an upper limit. You may find that you need to lower or raise that number but, generally, you should never attempt to set it below about 100.
  2. Assuming the server is under attack, you also will want to disable email alerts by setting CT_EMAIL_ALERT to “0”. Otherwise, the server will send an email every time it blocks an IP address, which will only add to load on the server.
  3. You also may wish to restrict rate limiting to specific ports, which can be done using the CT_PORTS setting. Multiple ports can be added in comma-separated format (with no space in between). In this example, we’re applying rate limiting only to HTTP ports:
    [Image: Limit connection tracking to specific ports]

With these settings, any IP address that makes more than 150 connections to the web site on the standard and/or secure ports will be blocked in the firewall. By default, that will be a temporary block for 30 minutes. The CT_BLOCK_TIME setting can extend the block period, and by toggling the CT_PERMANENT setting you can arrange for the IP addresses to be blocked permanently.

Step #3: SYNflood Protection

A SYNflood attack is a DoS attack exploiting the TCP (Transmission Control Protocol) connection process itself.

In basic terms, a TCP connection is established using a three-way handshake:

  • The client (incoming connection) sends a synchronization packet (SYN) to the server.
  • The server responds with a synchronization acknowledgement (SYN/ACK) to the client.
  • The client then responds with an acknowledgement (ACK) back to the server.

A SYNflood attack manipulates that three-way handshake by initiating multiple synchronization requests and then refusing to respond with any final acknowledgements. That causes the server, which is keeping a spot open waiting on the client’s final reply to complete their incoming connection, to eventually run out of available connections for the targeted service and appear to be offline.

On a Linux server, you can quickly check for SYN packets by running this command over SSH:

netstat -nap | grep SYN -c

It’s important to note that the presence of SYN packets does not necessarily mean that a server actually is under SYNflood attack. For instance, if load on the server already is high or there is a great deal of incoming traffic, an elevated level is to be expected. Only the presence of a large number (in the hundreds) is likely to be indicative of a possible SYNflood attack.

If you know that the server is under attack, you can configure CSF to help mitigate this type of attack. Otherwise, skip to Step Four and restart the firewall to apply the rate limits you enabled in Step Two.

  1. To enable SYNflood protection, locate the Port Flood Settings section of the Firewall Configuration page.
  2. You can enable SYNflood protection by setting SYNFLOOD to “1” and setting the maximum rate and burst:
    • SYNFLOOD_RATE is the number of SYN packets to accept per IP, per second. For the purposes of this tutorial, we’ll be using a value of “75/s” on the assumption that a DoS attack is in progress.
    • SYNFLOOD_BURST is the number of times the IP can hit the rate limit before being blocked in the firewall. A setting of 25 works for our purposes.

You likely will need to raise or lower these settings based on your circumstances. However, a setting above about 100/s for the rate (or 150 for the burst) could be too generous to be effective; likewise, lowering the rate below about 50/s (or the burst below about 50) could prevent legitimate access to services.

Step #4: Save Your Changes and Restart the Firewall

  1. Scroll to the bottom of the Firewall Configuration page and click on the Change button.
  2. On the next screen, click the Restart csf+lfd button to restart the firewall with the new settings.
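
Before applying the CT_LIMIT, CT_PORTS and SYNFLOOD settings above, it helps to see which addresses the limit would catch. The following is an added example, not part of the original tutorial or of CSF: the function names and the sample data (documentation-range IP addresses) are constructed for illustration, and the counts only approximate what CSF's own connection tracking would see.

```shell
#!/bin/sh
# Added example. Input on stdin is `netstat -nt` style output:
#   Proto Recv-Q Send-Q Local-Address Foreign-Address State

# over_limit LIMIT PORTS
# Prints "count ip" for every remote IP holding more than LIMIT connections
# to the local ports in PORTS (comma separated, same format as CT_PORTS).
over_limit() {
    awk -v limit="$1" -v ports="$2" '
        BEGIN {
            n = split(ports, p, ",")
            for (i = 1; i <= n; i++) want[p[i]] = 1
        }
        $1 ~ /^tcp/ {
            lport = $4; sub(/.*:/, "", lport)       # keep the local port only
            rip = $5;   sub(/:[0-9]+$/, "", rip)    # strip the remote port
            if (lport in want) count[rip]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit + 0) print count[ip], ip
        }
    ' | sort -rn
}

# syn_recv_count
# Counts half-open inbound connections (state SYN_RECV), which is what piles
# up during a SYNflood. Narrower than `grep SYN`, which also matches SYN_SENT.
syn_recv_count() {
    awk '$1 ~ /^tcp/ && $6 == "SYN_RECV" { c++ } END { print c + 0 }'
}

# --- constructed sample data (not captured from a real server) ---
gen() {  # gen COUNT LOCAL_ADDR REMOTE_IP STATE
    i=0
    while [ "$i" -lt "$1" ]; do
        echo "tcp 0 0 $2 $3:$((40000 + i)) $4"
        i=$((i + 1))
    done
}

sample_netstat() {
    gen 160 192.0.2.10:80  203.0.113.7   ESTABLISHED   # over the limit on HTTP
    gen 30  192.0.2.10:443 198.51.100.23 SYN_RECV      # half-open, under the limit
    gen 200 192.0.2.10:21  198.51.100.50 ESTABLISHED   # busy, but not in CT_PORTS
    gen 1   192.0.2.10:22  198.51.100.99 ESTABLISHED
}

echo "Over CT_LIMIT=150 on ports 80,443:"
sample_netstat | over_limit 150 80,443
echo "Half-open (SYN_RECV) connections: $(sample_netstat | syn_recv_count)"
```

On a live server, replace the sample with real data, for example `netstat -nt | over_limit 150 80,443`.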

Next Steps

  1. Once the attack has subsided, you will need to restore the firewall’s previous configuration to avoid disruption of legitimate incoming traffic. If these “under attack” rules are left in place, the added packet scrutiny at the firewall level will slow traffic considerably and can lead to noticeably diminished web server performance.
  2. If you followed the instructions in Part One: How to Back up and Restore the Firewall Configuration to back up the previous configuration, you can easily use the same process to restore those saved settings. You also may wish to save these DoS/DDoS protection settings before restoring the original configuration so that they can be quickly employed in the future if necessary.

 

How to Block or Allow Specific Ports by Country in the CSF Firewall

Advanced Firewall Configuration in WHM/cPanel

In addition to being able to manage traffic from a specific country or a list of countries, CSF allows you to manage access by country to specific ports. This can be useful if you need to ensure that a particular service is available globally (such as your web server on port 80) but want to restrict international access to services such as WHM/cPanel, SSH, or FTP.

You should note that all of the limitations on country-level filtering outlined in Part Two: How to Block Traffic by Country in the CSF Firewall apply here as well. Specifically, some ISPs use non-geographic IP addresses, some web services and cloud-based tools may use servers outside the country the companies are based in, and proxy services and virtual private networks easily can mask a visitor’s actual geographic location.

Taken together, that means that some unwanted traffic could get through, and some desired traffic could be blocked under certain circumstances.

Note: At least one of ConfigServer’s servers is in Germany; blocking that country could prevent CSF from being able to update and cause an error to be displayed on the ConfigServer Security & Firewall page in WHM.

Pre-Flight Check

  • This series assumes you have the ConfigServer Firewall (CSF) installed on your cPanel server, and you have access to WebHost Manager (WHM).
  • If your managed cPanel server currently uses APF but you’d prefer CSF, contact Heroic Support® and request a switch. There is no charge, it typically takes only a few minutes, and the only service that needs to be restarted as a result is the firewall itself. Our support technicians also can port your existing APF rules to CSF. If requesting an upgrade, please be sure to indicate whether your server uses the Guardian backup service so that its rules also can be configured.

If you have not already done so, back up the current firewall configuration before making any changes.

In WebHost Manager, locate and select ConfigServer Security & Firewall under the Plugins section in the left menu. You also can begin typing “fire” into the search field at the top left to narrow down the options, then click on the Firewall Configuration button to open the configuration file.

Blocking Access to Specific Ports by Country

Restricting access by port to IP addresses originating in a specific country or countries can be an effective way to help minimize the negative performance impact that country-level blocking can bring.

That’s because the smaller the CIDR (Classless Inter-Domain Routing) range against which each IP making an incoming request is checked, and the fewer requests on that port (SSH on port 22 and FTP on port 21 are likely to see far less traffic than the website itself on port 80), the fewer the resources the firewall checks should require.

In this case, only incoming traffic on the specified port or ports will be checked against the CIDR range(s) for the blocked country code(s).

If you wish to deny access to several countries or wish to allow access to a port for only a single country, a better option may be to instead allow access only to that country. Feel free to skip ahead to Allow access to specific ports by country below to learn how to do that.

In this example, we’re blocking access to the standard FTP port, 21, to IP addresses originating in Belgium.

Step #1: Specify the Country or Countries to be Denied

  1. Scroll down to the Country Code Lists and Settings section and add the country code to CC_DENY_PORTS. Multiple countries can be comma separated with no spaces in between, and you can find a list of ISO 3166-1 alpha-2 codes at https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2.
  2. List the port that will be blocked for the specified country in the CC_DENY_PORTS_TCP and CC_DENY_PORTS_UDP fields.

Here we’ve specified that traffic originating from Belgium is not allowed to connect on the standard FTP port, 21:

[Image: Blocking port access by country]

Step #2: Save Your Changes and Restart the Firewall

  1. Scroll to the bottom of the Firewall Configuration page and click on the Change button.
  2. On the next screen, click the Restart csf+lfd button to restart the firewall with the new settings.

By defining a country in CC_DENY_PORTS and a port in the CC_DENY_PORTS_TCP and CC_DENY_PORTS_UDP fields, we’ve ensured that the port will remain open to any visitor with valid credentials so long as their IP address does not originate from the specified country.

Allowing Access to Specific Ports by Country

Just as you can deny incoming traffic by port to a specific country or countries, you also can choose to allow incoming traffic by port to only a specific country or countries. Generally, this should be a better option than attempting to deny port access to a long list of countries because the firewall will be working with a smaller CIDR range against which each incoming request must be checked.

To limit the ability to connect on a specific port or ports to visitors with IP addresses originating in a specific country or countries, you must:

  • close the ports in the firewall
  • define the country code allowed to connect on those blocked ports
  • specify the blocked ports to be opened for the specified country

In this example, we’re restricting access to the standard FTP port, 21, to IP addresses based in Germany.

Step #1: Close the Ports in the Firewall

On the Firewall Configuration page, scroll down to the IPv4 Port Settings section, and remove the desired port number from the TCP_IN and UDP_IN (if present) fields.
Here, we’ve removed port 21 from the allowed incoming IPv4 ports, effectively blocking external access to the port:

[Image: Remove the port from TCP_IN]

Step #2: Specify the Country or Countries to be Allowed

Scroll down to the Country Code Lists and Settings section and add the country code to CC_ALLOW_PORTS.

Here we’ve specified that traffic originating from Germany is allowed to connect on ports which have been otherwise closed in the firewall (we’ll define the specific ports for this allow in the next step):

[Image: Allowing a country access to specified ports]

Multiple countries can be comma separated with no spaces in between, and you can find a list of ISO 3166-1 alpha-2 codes at https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2.

Step #3: Specify the Closed Ports to be Allowed to the Designated Country

Just below the CC_ALLOW_PORTS field, you’ll see CC_ALLOW_PORTS_TCP and CC_ALLOW_PORTS_UDP.

We’ll add the port to open to the country (or countries) specified in CC_ALLOW_PORTS here, in this case, port 21:

[Image: Specify which ports to open to designated countries]

Step #4: Save Your Changes and Restart the Firewall

  1. Scroll to the bottom of the Firewall Configuration page and click on the Change button.
  2. On the next screen, click the Restart csf+lfd button to restart the firewall with the new settings.

Now that we’ve closed the standard FTP port in the firewall’s IPv4 Port Settings, no visitor will be able to connect to port 21 unless their IP address originates from Germany. At the same time, the setting applies only to port 21 and any visitor, regardless of geographic location, still can view the website or connect to any port open in the firewall.
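
The restriction above only holds if all three parts of the procedure agree: a port left in TCP_IN or UDP_IN stays open to everyone, whatever CC_ALLOW_PORTS says. The following check is an added example, not part of the original article or of CSF; the function name and both sample configurations are constructed, and it assumes the `KEY = "value"` line format of csf.conf.

```shell
#!/bin/sh
# Added example. Reads csf.conf style text on stdin and reports whether the
# "allow a port to one country only" setup is internally consistent.
lint_cc_allow_ports() {
    awk '
        # Collect settings of the form  KEY = "value"
        /^[A-Z0-9_]+[ \t]*=[ \t]*"/ {
            key = $0; sub(/[ \t]*=.*/, "", key)
            val = $0; sub(/^[^"]*"/, "", val); sub(/".*/, "", val)
            conf[key] = val
        }
        function report(msg) { print "FAIL: " msg; bad++ }
        # Is port present in a TCP_IN/UDP_IN style list (30000:35000 = range)?
        function is_open(port, list,    n, i, a, r) {
            n = split(list, a, ",")
            for (i = 1; i <= n; i++) {
                if (split(a[i], r, ":") == 2) {
                    if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
                } else if (a[i] == port) return 1
            }
            return 0
        }
        # Every country-restricted port must be closed in the general list
        function check(proto,    n, i, p) {
            n = split(conf["CC_ALLOW_PORTS_" proto], p, ",")
            for (i = 1; i <= n; i++)
                if (is_open(p[i], conf[proto "_IN"]))
                    report("port " p[i] "/" proto " is still listed in " proto "_IN, so it is open to every country")
        }
        END {
            cc  = conf["CC_ALLOW_PORTS"]
            tcp = conf["CC_ALLOW_PORTS_TCP"]
            udp = conf["CC_ALLOW_PORTS_UDP"]
            if (cc == "" && tcp == "" && udp == "") {
                print "OK: CC_ALLOW_PORTS not in use"; exit
            }
            if (cc !~ /^[A-Z][A-Z](,[A-Z][A-Z])*$/)
                report("CC_ALLOW_PORTS must be two-letter codes, comma separated, no spaces: \"" cc "\"")
            if (tcp == "" && udp == "")
                report("CC_ALLOW_PORTS names a country but no port is listed in CC_ALLOW_PORTS_TCP/UDP")
            check("TCP"); check("UDP")
            if (!bad) print "OK"
        }
    '
}

# --- constructed samples (not taken from a real server) ---
sample_before() {   # Step #1 skipped: port 21 never removed from TCP_IN
    cat <<'EOF'
TCP_IN = "20,21,22,25,80,443"
UDP_IN = "20,53"
CC_ALLOW_PORTS = "DE"
CC_ALLOW_PORTS_TCP = "21"
CC_ALLOW_PORTS_UDP = ""
EOF
}

sample_after() {    # all steps done, as in the walkthrough
    cat <<'EOF'
TCP_IN = "20,22,25,80,443"
UDP_IN = "20,53"
CC_ALLOW_PORTS = "DE"
CC_ALLOW_PORTS_TCP = "21"
CC_ALLOW_PORTS_UDP = ""
EOF
}

echo "before: $(sample_before | lint_cc_allow_ports)"
echo "after:  $(sample_after | lint_cc_allow_ports)"
```

To check a real server, run `lint_cc_allow_ports < /etc/csf/csf.conf` before restarting the firewall.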

Next Steps

See Part Five: Basic DDoS Mitigation with CSF

How to Allow Traffic by Country in the CSF Firewall

One of the most-requested features on cPanel servers is the ability to manage and filter traffic at a country level. With the ConfigServer Firewall (CSF) plugin in WebHost Manager, you can do exactly that.

Pre-Flight Check

  • This series assumes you have the ConfigServer Firewall (CSF) installed on your cPanel server, and you have access to WebHost Manager (WHM).
  • If your managed cPanel server currently uses APF but you’d prefer CSF, contact Heroic Support® and request a switch. There is no charge, it typically takes only a few minutes, and the only service that needs to be restarted as a result is the firewall itself. Our support technicians also can port your existing APF rules to CSF. If requesting an upgrade, please be sure to indicate whether your server uses the Guardian backup service so that its rules also can be configured.

Blocking traffic by country code carries significant overhead, due to the fact that the country-level CIDR ranges can be quite large and the IP address behind each incoming request must be checked against the block list.

One alternative is to instead specifically allow traffic by country code. This approach can minimize the performance hit by country-level filtering whenever traffic from several countries needs to be blocked, or traffic from only one geographic area should be allowed.

If you have not already done so, back up the current firewall configuration (Part One: How to Back up and Restore the Firewall Configuration) before making any changes.

Step #1: Open Firewall Configuration in WHM

  1. In WebHost Manager, locate and select ConfigServer Security & Firewall under the Plugins section in the left menu. You also can begin typing “fire” into the search field at the top left to narrow down the options.
  2. Click on the Firewall Configuration button to open the configuration file.

Step #2: Allow traffic by country code

  1. On the Firewall Configuration page, scroll down to the Country Code Lists and Settings section.

    Use CC_ALLOW_FILTER to restrict access to a specific country or list of countries.

  2. CC_ALLOW_FILTER accepts two-letter country codes, such as “US” for the United States of America, “GB” for Great Britain, and “DE” for Germany.
    • Multiple countries can be comma separated with no spaces in between, such as “US,GB,DE” to allow access only from the US, Great Britain, and Germany.
    • You can find a list of ISO 3166-1 alpha-2 codes at https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2.

Note that CSF has two separate “Allow” sections:

  • CC_ALLOW actually opens the firewall to all traffic on all ports from the listed countries, bypassing any port and protocol rules in place. It should not be used.
  • CC_ALLOW_FILTER allows only traffic from the specified country or countries, but respects the port and packet rules elsewhere in the firewall configuration. This is the preferred method for allowing traffic by country code.

Step #3: Save Your Changes and Restart the Firewall

  1. Scroll to the bottom of the Firewall Configuration page and click on the Change button.
  2. On the next screen, click the Restart csf+lfd button to restart the firewall with the new settings.

Next Steps

See Part Four: How to Block or Allow Specific Ports by Country in the CSF Firewall
 

How to Block Traffic by Country in the CSF Firewall

One of the most-requested features on cPanel servers is the ability to manage and filter traffic at a country level. With the ConfigServer Firewall (CSF) plugin in WebHost Manager, you can do exactly that.

Country-level filtering in CSF uses the Maxmind GeoLite Country database to obtain CIDR (Classless Inter-Domain Routing) ranges for specific countries. Each CIDR range covers all the IP addresses assigned to that country.

There are a number of reasons why a server administrator may wish to block traffic from a specific country, with reducing bandwidth, minimizing exposure to security risks, and ensuring that a site’s content is viewable only in geographic locations where it is permitted among the most common. However, there are several important factors to consider before choosing to filter traffic at the country level:

  • A small percentage of unwanted traffic still may get through, and a small percentage of desired traffic could be blocked, because:
    • the CIDR range lists used for country-level blocks are not 100 percent accurate.
    • some Internet Service Providers and web services use non-geographic IP addresses for their clients.
    • proxy services and virtual private networks can be used to mask a visitor’s true geographic location.
  • Country-level filtering applies only to incoming connections. Outbound traffic is not affected.
  • Using country-level filtering will negatively impact performance and you will notice slower response times on your websites. This is due to the sheer size of the CIDR range lists (the list for the U.S. is 621K in plain text and contains more than 37,000 entries) and the fact that the firewall must check each incoming IP address against the chosen list(s).

Pre-Flight Check

  • This series assumes you have the ConfigServer Firewall (CSF) installed on your cPanel server, and you have access to WebHost Manager (WHM).
  • If your server currently uses APF but you’d prefer CSF, contact Heroic Support® and request a switch. There is no charge, it typically takes only a few minutes, and the only service that needs to be restarted as a result is the firewall itself. Our support technicians also can port your existing APF rules to CSF. If requesting an upgrade, please be sure to indicate whether your server uses the Guardian backup service so that its rules also can be configured.

If you have not already done so, back up the current firewall configuration before making any changes.

Step #1: Open the Firewall Plugin in WHM

  1. In WebHost Manager, locate and select ConfigServer Security & Firewall under the Plugins section in the left menu. You also can begin typing “fire” into the search field at the top left to narrow down the options.
  2. Click on the Firewall Configuration button to open the configuration file.

Step #2: Deny Access by Country Code

CSF does not recommend the use of country-level blocks on any VPS or small server unless the CIDR range for the chosen country is very small. The use of a large-range country block on a small server or VPS could slow the server to the point that it becomes inaccessible.

If you’re using a VPS or have any question as to whether your server has the resources to effectively implement a country-level block, you may find it more practical to allow or deny traffic by country code to specific ports, which we cover in Parts Three and Four.

  1. On the Firewall Configuration page, scroll down to the Country Code Lists and Settings section.
  2. Use the CC_DENY field to block by country code:
    • The CC_DENY field accepts two-letter country codes, such as “US” for the United States of America, “GB” for Great Britain, and “DE” for Germany.
    • Multiple countries can be comma separated with no spaces in between, such as “US,GB,DE” to deny access to the US, Great Britain, and Germany.
    • You may find a list of ISO 3166-1 alpha-2 codes at https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
    • Do NOT use the CC_ALLOW field to allow traffic by country code. CC_ALLOW opens the firewall to all traffic on all ports from the listed countries, bypassing any port and protocol rules in place.
Note: At least one of ConfigServer’s servers is in Germany; blocking that country could prevent CSF from being able to update and cause an error to be displayed on the ConfigServer Security & Firewall page in WHM.

Step #3: Save Your Changes and Restart the Firewall

  1. Scroll to the bottom of the Firewall Configuration page and click on the Change button.
  2. On the next screen, click the Restart csf+lfd button to restart the firewall with the new settings.

Next Steps

See Part Three: How to Allow Traffic by Country in the CSF Firewall
 

How to Back up and Restore the CSF Firewall Configuration

Prior to making direct edits to the firewall configuration file or changing advanced firewall settings in WHM, a backup of the current configuration should be taken so that the settings can quickly and easily be reverted if needed.

Pre-Flight Check

  • This series assumes you have the ConfigServer Firewall (CSF) installed on your cPanel server, and you have access to WebHost Manager (WHM).
  • If your server currently uses APF but you’d prefer CSF, contact Heroic Support® and request a switch. There is no charge, it typically takes only a few minutes, and the only service that needs to be restarted as a result is the firewall itself. Our support technicians also can port your existing APF rules to CSF. If requesting an upgrade, please be sure to indicate whether your server uses the Guardian backup service so that its rules also can be configured.

How to Back up the Firewall Configuration

Step #1:

In WebHost Manager, locate and select ConfigServer Security & Firewall under the Plugins section in the left menu. You also can begin typing “fire” into the search field at the top left to narrow down the options.

Step #2: Open and Back up the Profile

  1. Scroll down to the csf – ConfigServer Firewall section and click the Firewall Profiles button.
  2. On the Firewall Profiles page, scroll down to the Backup csf.conf section, enter a name to identify the backup and click the Create Backup button.
  3. The next screen will show you the location of the backup file, which you’ll want to note in case you need to restore.

How to Restore a Saved Configuration

Step #1: Open the Firewall Plugin in WHM

In WebHost Manager, locate and select ConfigServer Security & Firewall under the Plugins section in the left menu. You also can begin typing “fire” into the search field at the top left to narrow down the options.

Step #2: Open and Restore the Saved Backup

  1. Scroll down to the csf – ConfigServer Firewall section and click the Firewall Profiles button.
  2. On the Firewall Profiles page, scroll down to the Restore Backup Of csf.conf section and click on the name of the desired backup.
  3. Click the Restore Backup button.
  4. On the next screen, click the Restart csf+lfd button to restart the firewall with the settings from the backup file.

Next Steps

Now that you’re familiar with backing up and restoring a firewall configuration file, you’re ready to explore some of CSF’s advanced features.
See Part Two: How to Block by Country in the CSF Firewall.

Unblocking an IP Address or Opening a Port in the Firewall

Should you discover (or suspect) that a client or customer’s IP address has been blocked by the firewall on your cPanel server, or should you just need to open or close a port, you may be able to quickly resolve the issue yourself with just a little help.

Regardless of the software firewall your cPanel server is running, we have detailed, step-by-step instructions for managing it in our Knowledge Base:

  • How To Unblock Your IP Address in Manage: If you have a Dedicated, Storm, or VPS server, and your server is running the CSF firewall, you can unblock the IP address from your Manage dashboard. Find out how at How To Unblock Your IP Address in Manage.
  • Managing the Firewall in WHM/cPanel: If you have access to WebHost Manager and your server is running the ConfigServer Firewall (CSF), you can use a graphical interface to manage the firewall. Find out how at Managing the CSF Firewall in WHM.
  • Managing IP Address Blocks in CSF: You can manage IP blocks in the CSF firewall from the command line over SSH as well. Find out how at How To Unblock an IP Address in CSF.
  • Managing IP Address Blocks in APF: If your server uses the Advanced Policy Firewall (APF), you can block or unblock IP addresses via SSH with our walkthrough at How To Unblock an IP Address in APF.
  • Managing Open Ports In Your Firewall: If you need to open or close a port on your server, or check whether a specific port is open, visit Opening Ports in Your Firewall for a walkthrough of the process using SSH, or How To Open a Port in CSF With WHM/cPanel to manage ports in WHM/cPanel.

 

How To Unblock an IP Address in APF

Advanced Policy Firewall, or APF, is a software firewall commonly installed on Liquid Web servers. It is an interface to iptables, which is standard software for managing network ports on Linux. Interacting with iptables can be complex, but APF greatly simplifies the process. APF is only accessible via ssh, and there is no way to make changes in APF through WHM or cPanel.

Pre-Flight Check

  • These instructions are intended specifically for unblocking an IP Address in APF.
  • I’ll be working from a Liquid Web Core Managed CentOS 6.5 server, and I’ll be logged in as root.
  • For further details, see our in-depth look at the APF firewall.

Check APF for Your IP Address

Let’s say that you want to check whether or not a specific IP address, maybe 8.8.8.8, is blocked by APF. That’s easy!

grep 8.8.8.8 /etc/apf/*

You may receive a result similar to:

/etc/apf/deny_hosts.rules:# added 8.8.8.8 on 04/25/14 13:42:01 with comment: {bfd.courier}
/etc/apf/deny_hosts.rules:8.8.8.8

The above means that BFD detected a brute force attack from the IP 8.8.8.8 on port 25, and automatically added a rule to APF to prevent future connections specifically from that IP address.

How To Unblock an IP Address in CSF

CSF is generally considered an advanced firewall given it has many more configuration options than most other software firewalls (such as APF). It’s also still simple enough to install and configure, even for novice system administrators. For a simple overview on how to install and configure CSF and its security plugin LFD (Login Failure Daemon), visit our tutorial.

Check CSF for Your IP Address

Let’s say that you want to check whether or not a specific IP address, maybe 8.8.8.8, is blocked by CSF. That’s easy!

csf -g 8.8.8.8
