How to block an IP (IP range) in CSF

Found a bad IPv4/IPv6 address and want to block it? You can easily block it with CSF.

ConfigServer Security & Firewall (csf) is a widely used firewall for cPanel servers. Download it from https://configserver.com/cp/csf.html

You can block an IP/IP range from WHM or from the server's bash shell.

Block an IP from WHM:

  1. Log in to WHM as root.
  2. Navigate to the Plugins section, then to ConfigServer Security & Firewall.
  3. Look for the Quick Deny section/button. Enter the IP/IP range in the red edit box. If you want, you can also add a comment in the next edit box.
  4. Click the Quick Deny button.
  5. The IP will be added to the block list – /etc/csf/csf.deny file – and you will see a confirmation message:
  6. Click the Return button to return to the CSF main page.

To be able to block IPv6 you must first enable IPv6 in CSF. If IPv6 is not enabled, you will get a message:

So, to enable IPv6 in CSF, go to the Firewall Configuration and set IPV6=On.


Block an IP from the server's bash shell:

1. Log in to the server via SSH as root

2. Use the command: csf -d IP

# csf -d 145.123.44.55
# csf -d 2001:db8:85a3::8a2e:370:7333

You can also block IP blocks, like:

# csf -d 145.123.44.0/24
# csf -d 145.123.0.0/16
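
A pre-flight check for the csf -d commands above, as an added example that is not part of the original article or of CSF itself: it validates each IP or range, skips IPv6 entries when IPv6 is not enabled in CSF, and refuses a range that would cover an address you must not lock out. The protected address, the /16 width limit and the name plan_deny are assumptions made for this example.

```python
import ipaddress

# Assumptions for this example (not from the article):
PROTECTED = ["145.123.7.10"]  # constructed: an admin address that must never be denied
MIN_V4_PREFIX = 16            # policy choice: refuse IPv4 ranges wider than /16

# The article's four targets plus two constructed bad entries.
SAMPLE = [
    "145.123.44.55",
    "2001:db8:85a3::8a2e:370:7333",
    "145.123.44.0/24",
    "145.123.0.0/16",
    "145.123.44.5/24",  # constructed: host bits set, not a real range
    "10.0.0.0/8",       # constructed: far wider than intended
]


def plan_deny(entries, ipv6_enabled, protected=PROTECTED):
    """Return (commands, rejected) for a list of IPs or CIDR ranges."""
    guard = [ipaddress.ip_address(p) for p in protected]
    commands, rejected = [], []
    for raw in entries:
        entry = raw.strip()
        try:
            # strict=True raises if the address has bits set below the prefix
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            rejected.append((entry, "not a valid IP or range"))
            continue
        if net.version == 6 and not ipv6_enabled:
            rejected.append((entry, "IPv6 is not enabled in CSF"))
        elif net.version == 4 and net.prefixlen < MIN_V4_PREFIX:
            rejected.append((entry, f"wider than /{MIN_V4_PREFIX}"))
        elif any(ip in net for ip in guard):
            rejected.append((entry, "contains a protected address"))
        else:
            # Single hosts are passed bare, ranges in CIDR form, as in the article
            target = net.network_address if net.num_addresses == 1 else net
            commands.append(f"csf -d {target}")
    return commands, rejected


if __name__ == "__main__":
    cmds, bad = plan_deny(SAMPLE, ipv6_enabled=False)
    print("\n".join(cmds))
    for entry, reason in bad:
        print(f"skipped {entry}: {reason}")
```

Review the printed commands and the skipped entries before running anything as root.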

This Post Has 4 Comments

  1. Clappert

    How can you block IPv6 in CSF?

    1. Editorial Staff

      Same as for IPv4. Notice that you must first enable IPv6 in the CSF configuration.

  2. Jeff Kee

    Or edit /etc/csf/csf.deny directly to add a bunch of rows/ranges at once!
