Knowledgebase
What is CSF and Managing Your CSF.
Posted by Sugen S. on 28 November 2017 05:33 PM

What is CSF (ConfigServer Security & Firewall)?

ConfigServe Firewall, also known as CSF, is a firewall configuration script created to provide better security for your server while giving you an easy to use, advanced interface for managing your firewall settings. CSF configures your server’s firewall to lock down public access to services and only allow certain connections, such as logging in to FTP, checking your email, or loading your websites.

ConfigServe Firewall also comes with a service called Login Failure Daemon, or LFD. LFD watches your user activity for excessive login failures which are commonly seen during brute force attacks. If a large amount of login failures are seen coming from the same IP address, that IP will immediately be temporarily blocked from all services on your server. These IP blocks will automatically expire, however they can be removed manually through the ConfigServer interface in WebHost Manager. In addition to removing IPs, CSF also allows you to manually whitelist or blacklist IPs in your firewall, as well as real time monitoring for automatic IP blocks in LFD. 

 

How to whitelist an IP Address in ConfigServer Firewall (CSF)

ConfigServe Firewall (CSF) allows you to manually whitelist and blacklist IP addresses in your server’s firewall. In this article we will cover how to whitelist your IP Address.

It is a good idea to whitelist IP addresses on your server you can trust, such as the IP address of your home network. Whitelisting your own IP will prevent you from getting blocked from your server, which will save you time in the long run. To obtain your WAN IP address, navigate to http://www.whatismyip.com/ and copy the number at the top of your page. For this example, we will use “12.34.56.78” as our IP.

    1. First you will need to log in to Web Host Manager. 
    2. Once logged in, click on “Plugins” followed by “ConfigServer Security & Firewall”. 
    3. Next, scroll down to the ConfigServer Firewall section. Here you will see a number of different options for managing IP addresses.
    4. Look for the “Quick Allow” option (it should be a green box). All you need to do is type in your IP, then click on the “Quick Allow” button. It is also a good idea to write a comment, such as “Home Computer” or “Web Developer”, for the IP so you can remember what it was added for.
    5. Congratulations, you have successfully whitelisted an IP Address in ConfigServe Firewall.

How to blacklist an IP Address in ConfigServer Firewall (CSF)

In this article we will cover how to blacklist an IP Address.

Blacklisting an IP is done the same way as whitelisting, however the difference is blacklisting an IP will completely block the address from your server. It is good to blacklist IP addresses which you do not want connecting to your server.

  1. First you will need to log in to Web Host Manager. 
  2. Once logged in, click on “Plugins” followed by “ConfigServer Security & Firewall”.
  3. Next, scroll down to the ConfigServer Firewall section. Here you will see a number of different options for managing IP addresses.
  4. Look for the “Quick Deny” option (it should be a red box). All you need to do is type in the IP and click on the “Quick Deny” button. It is also a good idea to write a comment, such as “Attempted Hacker” or “Disgruntled Employee”, for the IP so you can remember what it was added for.
  5. Congratulations, you have successfully blacklisted an IP Address in ConfigServe Firewall.

Removing IP Addresses from ConfigServer Firewall (CSF)

Sometimes users will experience connection problems to your server. When these problems are reported, the first thing you should check is your server’s firewall.

In order to investigate, you must first obtain the user’s IP Address. To get their IP, instruct them to navigate to http://www.whatismyip.com and provide you with the IP shown at the top of the page.

    1. First you will need to log in to Web Host Manager. 
    2. Once logged in, click on “Plugins” followed by “ConfigServer Security & Firewall”.
    3. Next, scroll down to the ConfigServer Firewall section. Here you will see a number of different options for managing IP addresses.
    4. Look for the “Search for IP” option. Enter the IP address provided to you and click on the “Search for IP” button.
      1. You will receive either a confirmation that the IP Address was blocked, including the reason, or confirmation that the IP is not blacklisted.
    5. To unblock the IP Address, simply click the gold lock icon. This will provide you with a completion message confirming the IP was unblocked.
(0 vote(s))
Helpful
Not helpful

Comments (0)
Copyright © 1998 - 2018 Shinjiru International Inc. All Rights Reserved.