What Is IP Allowlisting in CSF?

ConfigServer Security & Firewall (CSF) protects your server by blocking unauthorised traffic. If a legitimate IP address gets blocked — for example, due to too many failed login attempts — you can add it to the allow list (whitelist) to ensure it is never blocked again. This is useful for office IPs, developer machines, or trusted third-party services.

Steps to Allow (Whitelist) an IP Address

  1. Log in to WHM as the root user.
  2. Navigate to Home » Plugins » ConfigServer Security & Firewall.
  3. Find the csf – Quick Actions section on the main page.
  4. Locate the Quick Allow option.
  5. Enter the IP address you want to allow in the text field (e.g., 203.0.113.50).
  6. Click Quick Allow.
  7. CSF will add the IP to /etc/csf/csf.allow and automatically restart the firewall rules.

Alternative: Manual Allow

You can also allow an IP by editing the CSF allow list directly:

  1. In the CSF main page, click Firewall Allow IPs (under the csf – ConfigServer Firewall section).
  2. Enter the IP address and an optional comment (e.g., 203.0.113.50 # office IP).
  3. Click Allow IP.

Important Notes

  • Use caution when allowing IPs. A whitelisted IP bypasses many of CSF's protection rules, including login failure limits and temporary blocks.
  • If the IP was previously blocked, allowing it will automatically remove it from the block list.
  • You can allow an entire CIDR range (e.g., 203.0.113.0/24), but this is less secure than specifying a single IP.
  • Changes take effect immediately — no manual firewall restart is needed.

Troubleshooting

  • IP is still blocked after allowing: Check whether the IP is also listed in csf.deny or csf.ignore. You may need to remove it from the deny list first.
  • Can't find CSF in WHM: ConfigServer Security & Firewall is a third-party plugin. If it's not installed, you can install it via ConfigServer's installation script.
  • CSF page shows errors: Ensure your server's iptables modules are loaded and CSF testing mode is disabled (Testing Mode set to 0 in /etc/csf/csf.conf).

For more information, see the ConfigServer Firewall documentation.

Was this answer helpful? 0 Users Found This Useful (0 Votes)

Most Popular Articles

How to set Default maximum email quota for new packages via WHM?

The Default maximum email quota for new packages setting in WHM controls the maximum email...
How to set Default disk usage quota for new packages via WHM?

The Default disk usage quota for new packages setting in WHM lets you define a default disk space...
How to set Default bandwidth limit for new packages via WHM?

When you create a new hosting package in WHM, cPanel uses a default bandwidth limit if you don't...
How to change cPanel PHP max POST size via WHM?

The cPanel PHP max POST size setting controls the maximum size of HTTP POST requests that...
How to change cPanel PHP max upload size via WHM?

What is the cPanel PHP Max Upload Size? The cPanel PHP max upload size setting controls the...