How to Block Traffic by Country in the CSF Firewall?
introduction
The CSF (ConfigServer Security & Firewall) allows administrators to block incoming client connections to your server depending on their geographical location. In other words, one can prevent the internet traffic that has its origin from a certain country with the help of the CSF Firewall.
In this guide, we are going to show the individual CSF settings that the user who has WHM (Web Host Manager) root access needs to change to use these geo-blocking rules.
Why Block Traffic by Country?
Geo-blocking is an important security measure that a server administrator can use. It is commonly used when a server is facing malicious attacks, excessive spam, or bot traffic, which is mainly based on one geographical location.
With this feature, you will be able to minimize the exposure of the server to known threats, thus enhancing the overall security and the use of resources.
Steps to Block Traffic by Country
Geo-blocking involves some modification of firewall settings, which requires root privileges in WHM.
Follow these steps to set up the country-based restriction.
Access Your WHM Root Account
Initiate the process by logging in to your WHM control panel. Make sure that you use your full root account credentials to get administration access.
Navigate to Plugins
On the primary menu bar, choose the option that is called Plugins.
Open Configserver Security and Firewall
In the Plugins interface, click on the link for the ConfigServer Security and Firewall. This will open the central management application of CSF.
Access Firewall Setting
Inside the CSF application:
Choose the csf tab and then find the csf-ConfigFirewall section. Click the Firewall Configuration button.
The comprehensive configuration panel for the CSF will then appear.
Country Code DenyList Configure
Now you must define which countries are to be blocked.
Find Section: Select and locate the Country Code Lists and Settings section within the configuration interface.
Enter Codes: In the field labeled as CC_DENY, type the country codes of the countries whose traffic you wish to control.
The ISO 3166-1 alpha-2 standard codes can be used to identify the countries that you are interested in.
Save and Restart Firewall
Once all the appropriate country codes are typed, you will have to complete and implement the changes.
Click Change: Go to the bottom of the panel and hit the Change button. This will lock in the changes that you have made to the configuration file.
Click Restart: In order to force the firewall to accept the new settings, click the Restart csf+lfd button.
After completing, the CSF Firewall will start blocking all the traffic that comes in and out of the country or even countries that you specified in the settings.
Conclusion
The most useful means of improving the security of the server is by configuring the CSF Firewall to block out country-specific traffic. Administrators can block unwanted requests by specifying the country codes in the CC_DENY field and re-initiating the firewall service to stop undesired requests from specific geographical areas.
FAQs
What is the meaning of Geolocation with regard to server requests?
Geolocation refers to determining the physical location of the originating internet user or server, which is typically defined by their IP address.
Does CSF Firewall use country names or codes?
The CSF Firewall relies on the two-letter ISO 3166-1 alpha-2 country codes (e.g., ‘CN’ for China) to identify and block traffic sources.
What is the effect of restarting the csf+lfd service?
It is important to restart this service to make sure that the firewall reloads its rule set from the configuration file immediately, and the geo-blocking will be effective.
Is it possible to block multiple countries at once?
Yes, it is possible to block many countries at the same time using two-letter codes separated by commas (e.g., ‘CN,RU,KP’) in the CCDENY field.
