On cPanel servers, firewall management is typically handled by the ConfigServer Security & Firewall (CSF) plugin. Using the WHM interface to manage these rules is the safest way to ensure your server remains accessible while blocking unauthorized traffic.
Prerequisites:
- Root access to WHM (Web Host Manager).
- The Port Number (e.g., 3306 for MySQL).
- The Trusted IP Address you want to allow.
Steps to Restrict Access:
- Log in to WHM:
Access your WHM dashboard (usually https://your-server-ip:2087). - Locate CSF:
In the top-left search bar, type “firewall” and select ConfigServer Security & Firewall. - Access Configuration:
Scroll down to the csf – ConfigServer Software section and click on Firewall Configuration. - Filter Ports:
UseCtrl+Fto search for the Port Number you want to restrict (e.g., 3306). Ensure it is NOT listed in theTCP_INorUDP_INfields. (If it is there, it means it is open to everyone). - Allow Specific IP:
- Go back to the main CSF page.
- Find the Quick Allow green box.
- Enter the Trusted IP Address.
- (Optional) In the comment box, write something like “Allow Access from Office IP”.
- Click Quick Allow.
- Advanced (Specific Port Only):
If you only want that IP to access one specific port (and not the whole server), click Firewall Allow IPs (csf.allow) and add a rule using this syntax:tcp|in|d=3306|s=1.2.3.4(replacing 3306 with your port and 1.2.3.4 with your IP). - Restart CSF:
Scroll to the bottom and click Change, then click Restart csf+lfd.
Verification:
Test the connection from the allowed IP. If you configured it correctly, the connection will go through, while all other IPs will be blocked by the default “Deny” policy of the firewall.
Share this:
