Whitelisting an IP Address in CSF


Note:

Using the Quick Allow (csf.allow) option will allow the IP address access to all ports. Using Quick Ignore (csf.ignore) will allow the IP address access to all ports and will also keep lfd and modsec rules from locking it out due to malicious behavior and failed login attempts.

Whitelisting an IP address is a temporary measure for troubleshooting while you correct the underlying issue that caused the IP address to be blocked. It is not recommended as a long-term solution, and the IP address can still be blocked by the Login Failure Daemon (lfd) for multiple failed logins or repeated ModSecurity rule violations.

Whitelist using WHM

Use Quick Allow (csf.allow)

  1. Navigate to the Quick Allow section on the CSF home page. 

  2. Enter the IP address you'd like to allow. This will allow the IP address through all ports, but it can still trigger lfd and multiple modsec rule violations.

  3. Click on Quick Allow to allow the IP address. 

Use Quick Ignore (csf.ignore)

  1. Enter the IP address in the Quick Ignore section of CSF. 

    Warning:

    Only use this setting for trusted IP addresses. This allows the IP address to bypass all modsec rules and lfd, and to access all ports on your server.


  2. Click Quick Ignore to allow the IP address through your firewall. lfd will restart after the IP address is whitelisted. 

Whitelist via Command Line

CSF has two main files for whitelisting:

/etc/csf/csf.allow

and

/etc/csf/csf.ignore

The two files perform different functions. csf.allow is where you add an IP to be allowed through the firewall. If a user's IP address is in csf.allow, it can still be blocked for login failures by lfd (Login Failure Daemon). If you find that a user is blocked because of lfd, you will need to add the IP address to csf.ignore. With an IP listed in both of these places, it will not be touched by CSF.

To whitelist an IP through csf.allow, run the following command (replace the example IP address with the one that is blocked):

csf -a 192.0.2.0

To add the IP to csf.ignore, you will need to edit the csf.ignore file.

vim /etc/csf/csf.ignore

#Monitoring Ranges
10.20.9.0/24
10.30.9.0/24
10.40.11.0/28
209.59.139.14
67.227.128.125
67.227.128.126
69.16.234.107
69.16.234.108
69.16.234.118
69.16.234.119
69.16.234.122
69.16.234.123
69.16.234.124
69.16.234.125
69.16.234.126
(add your IP here at the end)
##END MONITORING##

Then restart CSF:

csf -r

The IP address will now be ignored by CSF and LFD and allowed through.
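
Because whitelisting is meant to be temporary, it helps to review periodically which addresses have ended up exempt. The script below is an added example, not part of CSF or of the original article: it lists the entries present in both files and the whole networks in csf.ignore. The function names and the sample files are constructed for illustration, and it assumes one IP or CIDR per line with # comments, skipping Include lines and advanced rules that contain "|".

```shell
#!/bin/sh
# Added example (not part of CSF): audit csf.allow / csf.ignore exemptions.
# Usage: audit.sh /etc/csf/csf.allow /etc/csf/csf.ignore
# With no arguments it runs on the constructed sample below.

# Print the bare IP/CIDR entries of a CSF list file, one per line.
# Drops "# comment" text, blank lines, Include lines, and advanced
# port/protocol rules (those contain "|").
csf_entries() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" |
        grep -v -e '^$' -e '^Include' -e '|' | sort -u
}

# Entries listed in BOTH files: per the article, CSF will not touch these.
fully_exempt() {
    { csf_entries "$1"; csf_entries "$2"; } | sort | uniq -d
}

# Entries that exempt a whole network rather than a single host.
exempt_ranges() {
    csf_entries "$1" | grep '/' || true
}

# Constructed sample files (documentation addresses, not real hosts).
write_sample() {
    cat > "$1/csf.allow" <<'EOF'
# constructed sample
192.0.2.10 # Manually allowed: office (constructed comment)
198.51.100.7
tcp|in|d=22|s=203.0.113.5
Include /etc/csf/extra.allow
EOF
    cat > "$1/csf.ignore" <<'EOF'
#Monitoring Ranges
203.0.113.0/24
192.0.2.10
##END MONITORING##
EOF
}

if [ "$#" -eq 2 ]; then
    allow=$1; ignore=$2
else
    tmp=$(mktemp -d); write_sample "$tmp"
    allow=$tmp/csf.allow; ignore=$tmp/csf.ignore
fi
echo "In both files (never blocked):"; fully_exempt "$allow" "$ignore"
echo "Ranges in csf.ignore:";          exempt_ranges "$ignore"
if [ -n "${tmp:-}" ]; then rm -rf "$tmp"; fi
```

Any address in the first list that is no longer needed for troubleshooting is a candidate for removal from both files.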

