Knowledge Base
MilesWeb / cPanel, Firewall, How-Tos, Web Host Manager

How to Install CSF Firewall via WHM/cPanel?

Approx. read time : 3 min

Config Server Firewall or CSF is a Stateful Packet Inspection (SPI) firewall that is a powerful and must-install application that you can install via WHM on cPanel. It works as a system for intrusion detection and a prime security application for your Linux server. As a security tool, CSF protects your server against various common threats such as brute force attacks while improving the overall server security.

The CSF application is also available for other control panel applications to install and deploy.

To Install CSF Firewall

To install CSF on cPanel, you have to use your server’s SSH access.

1. Log in to the WHM panel with the root account.

2. Select the Server Configuration option from the navigation menu.

3. Click on Terminal to open the WHM terminal window.

4. Copy/enter this code in the Terminal window.

cd /usr/local/src/
tar -xzf csf.tgz
cd csf

WHM will run the command and automatically download the compatible version of CSF for cPanel.

5. Press Enter to run the installation.

The WHM panel will begin the installation process of the CSF application and display a success message for the completed installation.

Once you install the CSF application, you will have to configure it.

To Configure the CSF Firewall

1. Go back to the Home of your WHM dashboard and select the Plugins option from the navigation menu.

2. Here, you will see the option ConfigServer Security & Firewall. Click on it.

Here, you will find a variety of options to configure the ConfigServer Security & Firewall application.

3. Click on the csf tab.

4. Scroll down a little to the csf – ConfigServer Firewall section and click on the Firewall Configuration button.


You will find all the options for the firewall configurations. We will see a quick rundown on the important settings to get you started.

1. Settings for Port Filtering Configuration – IPv4 Port

For the IPv4 Port, you will notice these ports as open by default:

  • TCP_IN = “20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,26”
  • TCP_OUT = “20,21,22,25,37,43,53,80,110,113,443,587,873,2086,2087,2089,2703”
  • UDP_IN 20,21,53
  • UDP_OUT 20,21,53,113,123,873,6277

Once you have changed your SSH port number, add this new port on the IPv4 Port Settings and/or IPv6 Port Settings. You can also add a specific port for a newly installed application on the server from this section.

We recommend the users who deploy the R1soft/Idera external backup solution to allow the inbound traffic for TCP port 1167 in the port TCP_IN section.

2. Activate the Syslog Monitoring

Scroll down to the General Settings section and set the SYSLOG_CHECK  to 1800.

3. Activate the Detection of Suspicious Processes

Scroll down to the Process Tracking section.

  • Set “PT_ALL_USERS” to “ON
  • Set “PT_DELETED” to “ON

4. Activate Spam Protection and Detection of Suspicious Emails

With CSF, you can secure your server from spams and bulk email activity.

  • Scroll down to the SMTP Settings section.
  • Switch the SMTP_BLOCK to On.

  • Scroll down to the Login Failure Blocking and Alerts section
  • Locate the LF_SCRIPT_LIMIT and set it to 250. It will detect the scripts sending more than 250 emails in an hour.
  • Switch the LF_SCRIPT_ALERT to On. It will alert the system administrator via email when the LF_SCRIPT_LIMIT is breached.

5. Save the Changes and Confirm the Status

  • Scroll down to the end of the page and click the Change button.

It will save the configurations you made to the firewall application.

  • Click the Restart csf+isd button. It will restart the csf and isd and apply your firewall configurations.

Click the Return button to go back to the main dashboard of the ConfigServer Security & Firewall application.

After confirming that you have made all the necessary configurations, you need to:

Disable Testing

Currently, your CSF application is running in the Test Mode. You have to deactivate the mode.

  • Reaccess the csf – ConfigServer Firewall section and click the Firewall Configuration button.
  • Locate the TESTING option in the Initial Settings section.
  • Click on the Off switch.

Again, you have to repeat the process to save the configurations. Click the Change button, and then the Restart csf+isd button.

With it, you will have successfully installed and activated the CSF Firewall on your cPanel account.

Prasad is a business grad specialized in Marketing. He has garnered experience as a technical content writer and a digital marketer that he brings out in his work. He likes reading classics and travel in his free time.

Trusted By Thousands of Clients & Big Businesses

We highly appreciate the kind and stellar feedback we receive from our customers. Delivering the best is our goal! MilesWeb is rated Excellent out of 5 based on reviews. Read more reviews.

Based on reviews
2 hours ago
Perfect and Valuable Server + ...
I am using MilesWeb Servers, The main thing which I getting are continuous support over everything w...
Gunjan Makwana
4 hours ago
Milesweb is superb Hosting pro...
Milesweb is superb Hosting provider ever, their Support team is amazing!!!...
Abhishek Singh
15 hours ago
Great support in great timing...
We need urgent assistance on changes in a primary domain on our client's Cpanel accounts and reached...
Riyaju Deen
21 hours ago
Best Website Hosting platform ...
I was new on MilesWeb. And needed help on multiple areas from setting up to getting started with cre...
1 days ago
Very quick and helpful assista...
Very quick and helpful assistance. Support person listened properly and provided a nice solution....
1 days ago
the team is very supportive th...
the team is very supportive though at times effort needs to be made to make understand the problem s...
Suree Sharma
1 days ago
I am using miles web for 3plus...
I am using miles web for 3plus years, very quick and perfect support by the team, they helped me man...
Sri Raghav
2 days ago
The service is good...
The service is good. They are answering with patience and doing the needful as soon as possible....
2 days ago
Perfect and Valuable Server + ...
I am using MilesWeb Servers, The main thing which I getting are continuous support over everything w...
Gunjan Makwana
3 days ago
Very quick and helpful assista...
Very quick and helpful assistance. Support person listened properly and provided a nice solution....
4 days ago
positively helped me with find...
positively helped me with finding insecure content on my website causing SSL to not work properly on...
Thaviraj Junglee
4 days ago
Exceptional support, Truly Pra...
I had opted for the basic wordpress hosting plan as I intended to experiment with various plug-ins. ...
Aseem Chandna