Config Server Firewall or CSF is a Stateful Packet Inspection (SPI) firewall that is a powerful and must-install application that you can install via WHM on cPanel. It works as a system for intrusion detection and a prime security application for your Linux server. As a security tool, CSF protects your server against various common threats such as brute force attacks while improving the overall server security.
The CSF application is also available for other control panel applications to install and deploy.
Table of Contents
To Install CSF Firewall
To install CSF on cPanel, you have to use your serverās SSH access.
1. Log in to the WHM panel with the root account.
2. Select theĀ Server ConfigurationĀ option from the navigation menu.
3. Click onĀ TerminalĀ to open the WHM terminal window.
4. Copy/enter this code in theĀ TerminalĀ window.
cd /usr/local/src/
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.shWHM will run the command and automatically download the compatible version of CSF for cPanel.
5. Press Enter to run the installation.
The WHM panel will begin the installation process of the CSF application and display a success message for the completed installation.
Once you install the CSF application, you will have to configure it.
To Configure the CSF Firewall
1. Go back to theĀ HomeĀ of your WHM dashboard and select theĀ PluginsĀ option from the navigation menu.
2. Here, you will see the optionĀ ConfigServer Security & Firewall.Ā Click on it.
Here, you will find a variety of options to configure the ConfigServer Security & Firewall application.
3. Click on the csf tab.
4. Scroll down a little to theĀ csf ā ConfigServer FirewallĀ section and click on theĀ Firewall ConfigurationĀ button.
You will find all the options for the firewall configurations. We will see a quick rundown on the important settings to get you started.
1. Settings for Port Filtering Configuration ā IPv4 Port
For the IPv4 Port, you will notice these ports as open by default:
TCP_IN = ā20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,26ā
TCP_OUT = ā20,21,22,25,37,43,53,80,110,113,443,587,873,2086,2087,2089,2703ā
UDP_IN 20,21,53
UDP_OUT 20,21,53,113,123,873,6277
Once you have changed your SSH port number, add this new port on the IPv4 Port Settings and/or IPv6 Port Settings. You can also add a specific port for a newly installed application on the server from this section.
We recommend the users who deploy the R1soft/Idera external backup solution to allow the inbound traffic for TCP port 1167 in the port TCP_IN section.
2. Activate the Syslog Monitoring
Scroll down to theĀ General SettingsĀ section and set theĀ SYSLOG_CHECKĀ toĀ 1800.
3. Activate the Detection of Suspicious Processes
Scroll down to the Process Tracking section.
Set āPT_ALL_USERSā to āONā
Set āPT_DELETEDā to āONā
4. Activate Spam Protection and Detection of Suspicious Emails
With CSF, you can secure your server from spams and bulk email activity.
Scroll down to theĀ SMTP SettingsĀ section.
Switch theĀ SMTP_BLOCKĀ toĀ On.
Scroll down to theĀ Login Failure Blocking and AlertsĀ section
Locate theĀ LF_SCRIPT_LIMITĀ and set it toĀ 250. It will detect the scripts sending more than 250 emails in an hour.
Switch theĀ LF_SCRIPT_ALERTĀ toĀ On. It will alert the system administrator via email when theĀ LF_SCRIPT_LIMITĀ is breached.
5. Save the Changes and Confirm the Status
Scroll down to the end of the page and click theĀ ChangeĀ button.
Click the Return button to go back to the main dashboard of the ConfigServer Security & Firewall application.
After confirming that you have made all the necessary configurations, you need to:
Disable Testing
Currently, your CSF application is running in the Test Mode. You have to deactivate the mode.
Reaccess theĀ csf ā ConfigServer FirewallĀ section and click theĀ Firewall ConfigurationĀ button.
Locate theĀ TESTINGĀ option in theĀ Initial SettingsĀ section.
Click on theĀ OffĀ switch.
Again, you have to repeat the process to save the configurations. Click the Change button, and then the Restart csf+isd button.
With it, you will have successfully installed and activated theĀ CSF Firewall on your cPanel server.
