Reseller Web Hosting Offers:

How to Increase DENY IP LIMIT in CSF Firewall?

Silicon House Linux Dedicated Servers are powered by free Unlimited WHM and Unlimited cPanel. Dedicated Servers comes with full root access where you will be get a control to make any changes at anytime. In this you can able to Increase DENY IP LIMIT in CSF Firewall.


A firewall is a system that provides network security by filtering incoming and outgoing network traffic based on a set of user-defined rules. Firewall will help to block the IP’s which is matched against firewall rules and the blocked IP’s will be stored in “Firewall Deny IP’s” and “Temporary IP Entries”.

In CSF firewall, We can set the limit that how much IP’s can block in the server in the above fields. Also old IP addresses will be automatically removed from “Firewall Deny IP’s” and “Temporary IP Entries” file when the “DENY_IP_LIMIT” and “DENY_TEMP_IP_LIMIT” is reached.

Kindly refer the below procedure to Increase DENY IP LIMIT in CSF Firewall:

1. Login to the WHM as a root

2. Go to “ConfigServer Security & Firewall” under Plugins option

3. Click on “Firewall Configuration” under “csf – ConfigServer Firewall”

4. Choose “DENY_IP_LIMIT = ” option under “General Settings”

5. Now you can change the limitation of “Firewall Deny IP’s” and “Temporary IP Entries” in the below field

Example :

DENY_IP_LIMIT = 200
DENY_TEMP_IP_LIMIT = 200

6. Scroll down click on Change

7. It will show as “Changes saved. You should restart both csf and lfd.”. After that Click on “Restart csf+lfd”

In the above example you can see that DENY_IP_LIMIT is 200 so the oldest IP’s in “Firewall Deny IP’s” was removed when you tried to add a new IP to deny list more than the limit.

If we increase the limits, CSF will be able to hold more IP address in the above fields. But make sure there is sufficient resources on the server before you increase this value.

ADVANTAGES:

If the server is under any attack from different IP address as DOS attack, Increasing the DENY_IP_LIMIT and DENY_TEMP_IP_LIMIT is very helpful.

DISADVANTAGES:

If we are setting DENY limit to a very high value, it will slow down the network and websites and it is not advisable

NOTE : Setting DENY_IP_LIMIT to 0 is not recommended and it will disable limiting.

Hope!!  Now you know how to Increase DENY IP LIMIT in CSF Firewall