Using the Config Server Firewall on VPS
Your VPS has a very powerful, but simple firewall installed that protects your VPS 24/7/365. It's primary role is to detect malicious logins trying to do dictionary attacks on different ports, cpanel accounts and email accounts. Without some sort of firewall active your VPS could become highly unstable in just a matter of a few bad actors trying to crack into your server using dictionary attacks via bots.
That said, safety can come with collateral damage at times. You may have end users who are attempting to 'guess' their own passwords while setting up their phones or mail clients and find themselves 'blocked' in the firewall. When this happens, the 'entire server' will appear to be 'down'. It's not. It's just their IP address being blocked in the firewall. You can now be their hero!
As a VPS owner, it's important to know how to manage the firewall to take care of situations like this!
For the most part, the CSF is set and forget with the exception of the situations mentioned above. This tutorial is 'not' exhaustive. It's just showing you how to quickly add/remove IP addresses in the CSF so you do not need to open a ticket if you can quickly do it yourself. It's actually quite easy to do!
STEP 1: Login to your WHM. On the left side, do a search for 'firewall'. Then click on ConfigServer Security & Firewall.
STEP 2: Click on the CSF tab. From this page you can quickly 'allow' an IP address. You can quickly 'block' an IP address. Usually if your customer contacts you and they provide their IP address you can use the 'search' feature found a little lower on that same page. You may see the IP was blocked due to IMAP or POP or FTP or cPanel failed logins which usually indicates the end user is trying to guess their password. You can then add their IP and inform them of the reason why they were blocked in the firewall.
Please note, if a user is blocked and you use the Quick Allow feature, it will automatically unblock their IP and add it to the whitelist.
That said, safety can come with collateral damage at times. You may have end users who are attempting to 'guess' their own passwords while setting up their phones or mail clients and find themselves 'blocked' in the firewall. When this happens, the 'entire server' will appear to be 'down'. It's not. It's just their IP address being blocked in the firewall. You can now be their hero!
As a VPS owner, it's important to know how to manage the firewall to take care of situations like this!
For the most part, the CSF is set and forget with the exception of the situations mentioned above. This tutorial is 'not' exhaustive. It's just showing you how to quickly add/remove IP addresses in the CSF so you do not need to open a ticket if you can quickly do it yourself. It's actually quite easy to do!
STEP 1: Login to your WHM. On the left side, do a search for 'firewall'. Then click on ConfigServer Security & Firewall.
STEP 2: Click on the CSF tab. From this page you can quickly 'allow' an IP address. You can quickly 'block' an IP address. Usually if your customer contacts you and they provide their IP address you can use the 'search' feature found a little lower on that same page. You may see the IP was blocked due to IMAP or POP or FTP or cPanel failed logins which usually indicates the end user is trying to guess their password. You can then add their IP and inform them of the reason why they were blocked in the firewall.
Please note, if a user is blocked and you use the Quick Allow feature, it will automatically unblock their IP and add it to the whitelist.
Updated on: 12/05/2025
Thank you!