ConfigServer Security and Firewall (CSF) is a popular firewall and intrusion detection plugin for WHM. If a legitimate IP address is being blocked or flagged by CSF — for example, a trusted external service or an administrator's static IP that triggered a temporary ban — you can add it to the ignore list so it is never blocked.

Step 1: Log in to WHM

Navigate to https://your-server-ip:2087 and log in with your root credentials.

Step 2: Open CSF

In the left-hand sidebar, go to Plugins » ConfigServer Security & Firewall.

Step 3: Use Quick Ignore

Scroll down to the csf — Quick Actions section and locate the Quick Ignore option.

Step 4: Enter the IP Address

Type the IP address you want to ignore in the input field (e.g., 192.0.2.50). Then click the Quick Ignore button.

The IP will be added to the /etc/csf/csf.ignore file and will no longer be blocked or flagged by the firewall or lfd (Login Failure Daemon).

Important Notes

  • Use with caution. Ignoring an IP means CSF will never block it, even if it exhibits malicious behaviour. Only add IPs you fully trust.
  • You can also add IPs to the ignore list manually by editing /etc/csf/csf.ignore via SSH or the WHM terminal.
  • To remove an IP from the ignore list, edit /etc/csf/csf.ignore and restart CSF by clicking Restart csf+lfd at the top of the CSF page.
  • CSF must be installed on your server for this option to appear in WHM. If you do not see it under Plugins, CSF is not installed.
  • The Quick Allow option is different — it allows an IP through the firewall rules but does not prevent lfd from blocking it. Quick Ignore is the correct choice for permanent exemption.

Troubleshooting

  • CSF plugin not visible in WHM: CSF may not be installed. You can install it via SSH following the official CSF installation instructions.
  • IP is still being blocked after adding to ignore: Run csf -r via SSH to restart the firewall and reload the rules. Also check /etc/csf/csf.deny to ensure the IP is not explicitly listed there — if it is, remove it.
  • Need to ignore a range of IPs: Edit /etc/csf/csf.ignore directly and add CIDR notation (e.g., 192.0.2.0/24), then restart CSF.
Was this answer helpful? 0 Users Found This Useful (0 Votes)

Most Popular Articles

How to set Default maximum email quota for new packages via WHM?

The Default maximum email quota for new packages setting in WHM controls the maximum email...
How to set Default disk usage quota for new packages via WHM?

The Default disk usage quota for new packages setting in WHM lets you define a default disk space...
How to set Default bandwidth limit for new packages via WHM?

When you create a new hosting package in WHM, cPanel uses a default bandwidth limit if you don't...
How to change cPanel PHP max POST size via WHM?

The cPanel PHP max POST size setting controls the maximum size of HTTP POST requests that...
How to change cPanel PHP max upload size via WHM?

What is the cPanel PHP Max Upload Size? The cPanel PHP max upload size setting controls the...