Whitelisting an IP Address in CSF Firewall

There are 3 ways to whitelist an IP address in ConfigServer Security & Firewall (csf). Whitelisting an IP address will allow the IP address to access all ports on the server including any closed ports. For example, you can block SSH port 22 on the server. Then add your IP address to the whitelist, now you will be able to access SSH from your IP address.

Using WHM

Login to WHM as user root. Then go to WHM > Plugins > ConfigServer Security & Firewall.

whitelist IP in csf

On the text box right side of the “Quick Allow” button, enter the IP address you need to whitelist. Then click on the “Quick Allow” button.

The Quick Deny option below can be used to block an IP address from accessing the server.

Quick Ignore allows you to ignore any IP address. This is the same as Quick ALlow. The difference is if you whitelist an IP address using the Quick Allow option and if the IP fails some ModSecurity rules or makes several failed logins, it gets blocked. If you ignored an IP address, it will never get blocked by ModSecurity or lfd.

Using csf command

If you are logged in to SSH or WHM > Terminal, you can run the following command to whitelist an IP address.

IP address can be a single IP address or IP range in CIDR format.

To block an IP, use

Manually editing csf.allow

To allow an IP or IP range (CIDR format), you can edit the file

If you need to Ignore an IP address, then add IP to file

IPs added to csf.ignore will never get banned due to LDF or ModSecurity failures. Ips in csf.allow can be blocked by ModSecurity or lfd.

Add your IP to the file. Then restart csf firewall.

See csf

Leave a Reply

Your email address will not be published. Required fields are marked *