Using CSF to Temporarily Block IP Addresses in WHM

Every security system for WHM or a software application like WordPress uses lockouts and bans to keep the site safe. These can be based on a number of criteria, such as too many failed authentication attempts. The server maintains a permanent ban list that can also be synchronized with the global blacklists maintained by the community. But sometimes you don’t want to use the nuclear option of banning an IP address permanently from your server. For one, dynamic IPs mean that the banned person might still be able to access your server from another address. The related problem is that the banned IP may later be assigned to a benign user.

In other situations, you may only want to deny someone access for a short period of time. A typical example is when someone isn’t following the commenting rules on your site. You don’t want to permanently ban their IP, but just cool them off for a few days. To do this via WordPress, you’ll need to install specific plug-ins or implement some other manual solution. But most WHM installations already have the CSF firewall installed. Using this, you can easily ban a single IP address or a range of IP addresses from your server for a specific period of time.

Let’s take a look at how to achieve this via the GUI as well as the command line.

Temporary Bans via the GUI

The most direct way to use CSF for banning an IP address is by logging into your WHM installation with the appropriate permissions and navigating down to the “ConfigServer Security & Firewall” menu item. If you haven’t yet installed the ConfigServer Firewall, it’s something that you should take care of immediately. It’s pretty much a standard for WHM and your first line of defense. I’ve already written an article on how to install CSF from scratch.

Once you’ve opened up your CSF options, scroll down till you come to the button labeled “Temporary Allow/Deny”.

This is the section where you specify the IP address (or the range of IP addresses) to ban, as well as the duration and the ports. The latter two parameters are optional: by default the tool blocks all ports and sets the timeout to 3600 seconds, or one hour. Enter the IP address in the required field, add a comment if you want, and then click the “Temporary Allow/Deny” button to activate the changes.

After that, you can confirm that it has been blocked by clicking the “Temporary IP Entries” button. This will bring up a table with all temp bans. In our situation, there is just one rule so far.

Clicking the “unlock” icon next to an entry manually removes the ban, whereas clicking the “thumb pin” converts it into a permanent ban and removes it from the temporary table. As you can see, using the GUI requires a few steps, but it’s extremely simple and intuitive. Let’s see how to achieve the same effect via the command line.

Temp Bans via the CLI

If you have SSH access to your WHM server, temporarily banning an IP address can take just a few seconds and one command. It’s the classic trade-off – power versus convenience. To do this, simply open up your CLI and type in the following command to block IP address 6.6.6.6 for one hour:

csf -td 6.6.6.6

That’s it! Of course, this is the bare minimum command with no additional parameters. You can also specify the timeout period via the “ttl” parameter as well as the port numbers. Apart from the confirmation you receive when the command is successfully run, you may want to check the temporary list in order to see which other IP addresses have been banned. To do that, execute:

csf -t

This will spit out a list of all IP addresses on the temporary ban list. Whether you choose to use the CLI or the GUI, the CSF add-on makes it extremely easy to manage short-term lockouts on your website.
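
The ttl and port parameters mentioned above, shown as an added example that is not part of the original article. The helper names (temp_ban, to_seconds, valid_ipv4) and the CSF_APPLY switch are assumptions made for illustration; the wrapper handles single IPv4 addresses only, checks its input, and refuses to ban the address your own SSH session comes from:

```sh
#!/bin/sh
# Added example, not from the article. temp_ban, to_seconds, valid_ipv4 and
# CSF_APPLY are hypothetical names; `csf -td ip ttl [-p port] [comment]` is CSF's.

# Convert "90", "30m", "2h" or "3d" to seconds; reject anything else.
to_seconds() {
    num=${1%[mhd]}                       # strip one optional unit suffix
    case "$num" in ''|0*|*[!0-9]*) return 1 ;; esac
    case "$1" in
        *m) echo $((num * 60)) ;;
        *h) echo $((num * 3600)) ;;
        *d) echo $((num * 86400)) ;;
        *)  echo "$num" ;;
    esac
}

# Accept only a dotted-quad IPv4 address with four octets in 0-255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# temp_ban IP [DURATION] [PORT] [COMMENT]; DURATION defaults to CSF's one hour.
temp_ban() {
    ip=$1; port=$3; comment=$4
    valid_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 2; }
    ttl=$(to_seconds "${2:-1h}") || { echo "bad duration: $2" >&2; return 2; }
    case "$port" in *[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac
    # Lockout guard: sshd sets SSH_CLIENT to "client_ip client_port server_port".
    if [ "$ip" = "${SSH_CLIENT%% *}" ]; then
        echo "refusing to ban your own SSH client address $ip" >&2; return 3
    fi
    set -- csf -td "$ip" "$ttl" ${port:+-p $port} ${comment:+"$comment"}
    # Print the command by default; run it only when CSF_APPLY=1 (run as root).
    if [ "${CSF_APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Constructed demo: a three-day cool-off limited to port 80.
temp_ban 6.6.6.6 3d 80 "comment spam"
```

Without CSF_APPLY=1 the function only prints the csf command it would run, so the resulting rule can be reviewed before it is applied.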