Whitelist IP address in CSF from WHM, ConfigServer Security & Firewall (CSF) is a firewall management tool for Linux servers, commonly used with Web Host Manager (WHM). If you’re managing a server via WHM, you might need to whitelist an IP address in CSF to ensure it isn’t blocked by the firewall. Here’s a detailed guide on how to whitelist an IP address using CSF in WHM.
Table of Contents
Step 1: Log in to WHM
- Open your WHM login page by navigating to
https://your-server-ip:2087in your web browser. - Enter your administrator username and password to access WHM.
Step 2: Locate the CSF Plugin
Once inside WHM, search for “ConfigServer Security & Firewall” in the search bar on the left side of the dashboard. This should bring up the CSF plugin. Click on it to open the CSF interface.
Note: If you don’t see ConfigServer Security & Firewall in WHM, you may need to install it manually or contact your hosting provider.
Step 3: Whitelist IP address in CSF from WHM
Within the CSF dashboard, you’ll find a range of options and configurations for managing the firewall. To Whitelist IP address in CSF, look for the “Quick Allow” option. This feature is specifically for adding IP addresses to the whitelist.
Step 4: Enter the IP Address to Whitelist
In the “Quick Allow” field, you want to enter the Whitelist IP address in CSF. Here’s what you should keep in mind:
- Make sure the IP address is entered correctly. A small typo can result in the wrong IP being allowed.
- You can also add comments to identify why the IP was added. For instance, if you’re allowing an IP address for a specific developer, you could add a comment like
developer-access.
The format for entering the IP address is as follows:
IP_ADDRESS # commentFor example:
192.168.1.1 # developer-accessStep 5: Add the IP Address
Click the “Quick Allow” button to Whitelist IP address in CSF will now process the entry and update the firewall rules to allow this IP. Once done, you should see a confirmation message indicating that the IP has been added successfully.
Step 6: Verify the IP Address is Whitelisted
To ensure the IP address has been correctly added to the whitelist, navigate to the “csf.allow” file. You can do this directly within WHM by going to:
- CSF interface in WHM
- “Allow IPs” or view the file itself by clicking “Edit” next to
csf.allow.
Within the csf.allow file, you should see your IP address along with any comments you added, confirming that it’s whitelisted.
Additional Tips for Managing Whitelisted IPs
- Use CIDR Notation for IP Ranges: If you need to allow a range of IP addresses, use CIDR notation. For example,
192.168.1.0/24will whitelist all IPs from192.168.1.1to192.168.1.255. - Check Existing Rules: If the IP you’re trying to whitelist is blocked, review both
csf.denyandcsf.allowfiles. If it’s listed incsf.deny, it might still be blocked, even if added to the allow list. Remove the IP fromcsf.denybefore adding it tocsf.allow. - Use WHM for Management: Though you can manually edit
csf.allowandcsf.denyfiles from the command line, WHM simplifies this by providing a graphical interface.
Step 7: Restart CSF and LFD (Optional but Recommended)
After making changes to the firewall rules, it’s often a good idea to restart both CSF and LFD (Login Failure Daemon) to ensure the new settings take effect.
To do this:
- Go back to the main CSF dashboard in WHM.
- Click on the “Firewall Restart” button.
- Restarting ensures that any new rules are active and that all changes are fully applied.
Troubleshooting Tips
- IP Still Blocked After Whitelisting: If the IP is still blocked, make sure it’s not listed in
csf.deny. Also, check if the IP might be part of a larger blocked IP range. - Review Logs: The CSF logs (
/var/log/lfd.log) can provide insights into why an IP was blocked or if there were any issues processing the whitelist IP address in CSF . - Ensure Proper Syntax: When editing manually, always double-check your syntax. Any incorrect entries may prevent CSF from processing correctly.
By following these steps, you’ll be able to successfully whitelist IP address in CSF using WHM. This can be essential for allowing trusted users or services to access your server without interruption.
