ConfigServer Security & Firewall (CSF) is a popular firewall and intrusion detection plugin for WHM. The Quick Deny feature allows you to quickly block an IP address from accessing your server. Denied IPs are added to the /etc/csf/csf.deny file and will be immediately blocked by the firewall.

Steps to Deny an IP Address via CSF

  1. Log in to WHM as the root user.
  2. Navigate to Home » Plugins » ConfigServer Security & Firewall.
  3. Scroll down to the csf — Quick Actions section.
  4. Find the Quick Deny option.
  5. Enter the IP address you want to block in the text field (e.g., 192.168.1.100).
  6. Click Quick Deny to add the IP to the blocklist.

The IP will be blocked immediately. You will see a confirmation message at the top of the page.

Alternative: Deny via the Deny IP Section

You can also deny IPs using the dedicated deny management area:

  1. On the CSF main page, find the Quick Actions section and click Deny IP address, or navigate to the Firewall Deny IPs section directly.
  2. Enter the IP address (one per line) and optionally add a comment explaining why the IP is blocked.
  3. Click Change to save.

Important Notes

  • CSF must be installed and enabled on your server for this feature to work. If you don't see the Plugins menu, CSF may not be installed.
  • Denied IPs are added to /etc/csf/csf.deny. If CSF is restarted or the firewall rules are reloaded, the block persists because it is stored in this configuration file.
  • Be careful not to deny your own IP address — this will lock you out of WHM and SSH. If this happens, you will need console access or another IP to remove the block.
  • You can view and manage all denied IPs in the Firewall Deny IPs section of CSF.
  • CSF also supports temporary denies via csf — Temp Deny, which expire after a set time (useful for blocking suspicious traffic temporarily).
  • To remove a denied IP, go to the Firewall Deny IPs section, remove the IP from the list, and click Change.

Troubleshooting

  • CSF not visible in WHM: CSF may not be installed. You can install it via SSH by following the official CSF installation guide.
  • Denied IP can still access the server: Ensure the firewall is running. In CSF, check that the status shows Firewall: Running. You may also need to click Restart Firewall after making changes.
  • Locked out after denying an IP: If you accidentally blocked your own IP, you will need to access the server via an alternative method (console/VNC) and manually remove your IP from /etc/csf/csf.deny, then restart CSF with the csf -r command.
  • Want to block an IP range: Use CIDR notation in the Quick Deny field, e.g., 192.168.1.0/24 to block an entire subnet.
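
A CIDR entry in /etc/csf/csf.deny can cover your address without containing it as text, so searching the file for your own IP after a lockout may find nothing. The shell script below is an added example, not part of CSF or of the original article; it handles plain IPv4 entries only and skips everything else, and the script name denycheck.sh and its check/find modes are hypothetical.

```shell
#!/bin/sh
# Added example (IPv4 only): which csf.deny-style entries cover an address?

# Dotted-quad IPv4 -> integer; returns 1 if malformed. Octets with leading
# zeros are rejected because tools disagree on whether they are octal.
ip2int() {
  local o
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  set -- $(IFS=.; echo $1)          # split the validated string on dots
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in 0?*|????*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Returns 0 if ENTRY (single IP or CIDR) covers IP, 1 if not, 2 if either
# value is not plain IPv4 (IPv6, advanced filter lines, Include lines).
entry_covers() {
  local net bits n i mask
  net=${1%%/*}; bits=32
  case $1 in */*) bits=${1#*/} ;; esac
  case $bits in ''|*[!0-9]*|0?*|???*) return 2 ;; esac
  [ "$bits" -le 32 ] || return 2
  n=$(ip2int "$net") && i=$(ip2int "$2") || return 2
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( n & mask )) -eq $(( i & mask )) ]
}

# Prints each line of FILE whose entry covers IP; text after "#" is comment.
find_blocking_entries() {
  local line entry
  while IFS= read -r line || [ -n "$line" ]; do
    entry=$(printf '%s' "${line%%#*}" | tr -d '[:space:]')
    [ -n "$entry" ] || continue
    if entry_covers "$entry" "$1"; then printf '%s\n' "$line"; fi
  done <"$2"
}

# Usage: denycheck.sh check ENTRY MY_IP   (before using Quick Deny)
#        denycheck.sh find MY_IP [FILE]   (from the console after a lockout)
case ${1:-} in
  check) if entry_covers "$2" "$3"; then echo "STOP: $2 covers $3"; exit 1; fi
         echo "no plain-IPv4 overlap between $2 and $3" ;;
  find)  find_blocking_entries "$2" "${3:-/etc/csf/csf.deny}" ;;
esac
```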

For more information, see the official CSF documentation.
