ConfigServer Security & Firewall (CSF) is protecting our servers from a wide variety of remote attacks. As a reseller, one common task you might need to perform is searching for blocked IPs of you or your clients and unblocking them. This guide will walk you through the steps to accomplish this using the CSF interface in WHM.
Accessing ConfigServer Security & Firewall (CSF) in WHM
- Log in to WHM: Open your WHM interface and log in with your credentials.
- Navigate to CSF:
- In the left-hand sidebar, scroll down to the "Plugins" section.
- Click on "ConfigServer Security & Firewall" to open the CSF interface.
The ConfigServer Security & Firewall (CSF) Reseller Interface
Reseller accounts are provided with a limited interface that they can use to search for IP restrictions and block restricted IPs:
Searching for Blocked IPs
-
Using the "Search for IP" function:
- In the CSF interface, find the "Search for IP" button.
- Enter the IP address you wish to search for in the input box next to the button.
- Click the "Search for IP" button.
-
Check the Block List:
- The results will indicate if the IP is in the CSF block list, sometimes along with details about why it was blocked.
Unblocking an IP Address
-
Using the "Quick Unblock" function:
- In the CSF interface, locate the "Quick Unblock" button.
- Enter the IP address you want to unblock in the input box next to the button.
- Click the "Quick Unblock" button.
-
Confirmation:
- If the IP address was blocked, you will receive a confirmation message indicating that the IP address has been removed from the block list.
Best Practices and Notes
- Understand Blocking Reasons: Before unblocking an IP, understand the reason why it was blocked to avoid potential security risks.
- Depending on the type of restriction, the reason may be shown when looking up an IP address.
- Other times, usually with temporary blocks, you can determine the possible cause by the ports that were restricted. For example, if you find a temporary block on the email ports 25, 26, 465 and 587, such as in the above screenshot, then the IP address was most probably restricted because of failed login attempts to the IMAP, POP3 and/or SMTP services. Then it's possible that an incorrect username or password is saved for an email account on the respective device.
- Unblocking Only Trusted IPs: Only trusted IP addresses should be unblocked from the firewall. If you're not sure who the IP address belongs to, or if you don't trust it 100%, you should not unblock it from the firewall.
- Permanent Blocks: Some IP addresses may be permanently blocked by us if it's part of an abusive network. If you are unable to unblock a blocked IP address, please contact our technical support department for more information.
By following this guide, you can efficiently search for and unblock IP addresses using the ConfigServer Security & Firewall (CSF) reseller interface in WHM, making it easier for you to troubleshoot connectivity issues.
Updated by SP on 28/05/2024