What is CSF and Managing Your CSF.
Posted by on 28 November 2017 05:33 PM
What is CSF (ConfigServer Security & Firewall)?
ConfigServe Firewall, also known as CSF, is a firewall configuration script created to provide better security for your server while giving you an easy to use, advanced interface for managing your firewall settings. CSF configures your server’s firewall to lock down public access to services and only allow certain connections, such as logging in to FTP, checking your email, or loading your websites.
ConfigServe Firewall also comes with a service called Login Failure Daemon, or LFD. LFD watches your user activity for excessive login failures which are commonly seen during brute force attacks. If a large amount of login failures are seen coming from the same IP address, that IP will immediately be temporarily blocked from all services on your server. These IP blocks will automatically expire, however they can be removed manually through the ConfigServer interface in WebHost Manager. In addition to removing IPs, CSF also allows you to manually whitelist or blacklist IPs in your firewall, as well as real time monitoring for automatic IP blocks in LFD.
How to whitelist an IP Address in ConfigServer Firewall (CSF)
ConfigServe Firewall (CSF) allows you to manually whitelist and blacklist IP addresses in your server’s firewall. In this article we will cover how to whitelist your IP Address.
It is a good idea to whitelist IP addresses on your server you can trust, such as the IP address of your home network. Whitelisting your own IP will prevent you from getting blocked from your server, which will save you time in the long run. To obtain your WAN IP address, navigate to http://www.whatismyip.com/ and copy the number at the top of your page. For this example, we will use “18.104.22.168” as our IP.
How to blacklist an IP Address in ConfigServer Firewall (CSF)
In this article we will cover how to blacklist an IP Address.
Blacklisting an IP is done the same way as whitelisting, however the difference is blacklisting an IP will completely block the address from your server. It is good to blacklist IP addresses which you do not want connecting to your server.
Removing IP Addresses from ConfigServer Firewall (CSF)
Sometimes users will experience connection problems to your server. When these problems are reported, the first thing you should check is your server’s firewall.
In order to investigate, you must first obtain the user’s IP Address. To get their IP, instruct them to navigate to http://www.whatismyip.com and provide you with the IP shown at the top of the page.