How to Unblock an IP Address in WHM With CSF

How to Unblock an IP Address in WHM With CSF

One of the first things you should do after installing WHM onto a server is to download and configure the CSF firewall. One of the most important accessories of CSF is called the Login Failure Daemon or lfd for short. This constantly monitors login attempts from various sources like SSH and the regular login screens and blocks IP addresses if they detect an attack. We’ve also seen how to synchronize IP address whitelists and blacklists amongst your server cluster. While this is a remarkably effective strategy, it’s also a bit dangerous. It’s easy for a user to lock themselves out of their cPanel or WHM installation – usually during the first few days of their account creation. Either they use the wrong password, the wrong username, or for some other reason. Not only can their IP address be blocked from that specific server, it will also be denied from all of the others as well, leading to a complete shutdown.

Fortunately, there you can unblock an IP address from within WHM using CSF. Here’s how to go about it.

Getting your IP Address and Logging in

The first step is to find out which IP address is blocked. If you are facing this problem yourself, you need to resort to a third-party service to tell you which one it is. Otherwise if you’re behind a router, your internal IP address will be a local one invisible to the public Internet. One way is to simply open up Google and type in the query “what is my IP address”. As shown in the screenshot below, it will respond with what it perceives to be the address from where your request is coming from.

learn your IP address

Once you have this information, you need to be able to login to WHM using another address. This can be a bit tricky if you don’t have another way to access the Internet from a different location. You might try logging in from a Virtual Private Network or VPN. If it’s a corporate or a VPN that is not well known, you shouldn’t have any problems. But well-known VPN services often have their IP addresses blocked due to the number of requests that can emanate from them.

One way or the other, you’ll need to access WHM and login.

Firewall Configuration

Head over to the CSF firewall page and locate the option called Firewall Deny IPs. This is actually an interface to a file called csf.deny which holds all the IP addresses blocked by CSF either on this server, or on one of the associated clusters. We’ll need to take our IP address out of this file before we do anything else.

deny from firewall

When you click on this option, the file opens up in the next page. Use the browser search functionality to find the line beginning with the IP address you want to un-block. You can see in the screenshot here, that the IP address I discovered in Google has indeed been blocked. Delete this line entirely and click the “Change” button on the bottom.

locate IP address in deny log

After this, you just have to restart CSF. This option will be placed in front of you in the next screen. Simply click the button to restart both CSF and lfd and once done, your IP address should be unblocked once again!

Permanent Unblock

To be on the safe side, once you’ve removed an IP address from csf.deny, you might want to permanently allow it through the firewall. Keep in mind that you might be using a dynamic IP address that changes regularly. If so, this is not a good idea. But if you plan to access the server from a constant IP address – like one used by a VPN for example, here’s how you give it the green signal.

permanent unblock

As seen above, go to the CSF settings and add the IP address to the “Quick Allow” and “Quick Ignore” options. This will keep it safe from lfd and will also add it to the csf.allow file. If you’re a server administrator and want to be assured of always having access to WHM, make sure that you whitelist the IP addresses from which you access the server in this manner.

2 Comments on “How to Unblock an IP Address in WHM With CSF”!

  1. Avatar

    i have a case….if am on a shared hosting, and i have 50 emails users, who are distributed among 3 countries, and in some location 3 to 5 of them using one single dynamic internet IP, and the cpanel/whm firewall consider them as a bruteforce attack because of mutliple logins from the same IP, is there any solution for this?

Leave a Reply

This Website is Hosted by

Powered by RamNode

Disclosure: We receive a compensation from some of the companies whose products or services are presented on our website.