cPanel Firewall

Enabling CSF managing privilege for WHM resellers

Arunlal A1 Comment
Post Views: 1,438

Before moving to this, you must have the basics of CSF. CSF, is the abbreviation of Config Server Security & Firewall. CSF is for configuring or managing your server firewall easily. CSf is the most commonly using firewall application to secure Linux servers. CSF has wide range of options to manage Linux firewall via comman-line and from the control panel. The csf installation includes preconfigured configurations and control panel UI’s for cPanel, DirectAdmin and Webmin. The installation ans usage of CSF is quit simple.

Working principle of CSF

The idea with csf, as with most iptables firewall configurations, is to block everything and then allow through only those connections that you want. This is done in iptables by DROPPING all connections in and out of the server on all protocols. Then allow traffic in and out from existing connections. Then open ports up in and outgoing for both TCP and UDP individually.

We already discussed about the installation steps of CSF on Linux server. Click here for Install and configure csf on CentOS.

Here I’m going to give privilege to manage CSF for a WHM reseller. Yes it’s possible. There is a file “csf.resellers” in “/etc/csf” directory to allow this permission for resellers. Please not you can only give limited CSF functionality.

The syntax is explained below:

To allow a reseller to manage CSF add the following entry in “csf.resellers” file.

#someuser:1:USE,ALLOW,DENY,UNBLOCK

Here;

someuser :: Is the WHM reseller’s user name.
1 :: Stands for the email alert functionality.

Details

0 or 1 depending on whether you want an email alert sent using the email template reselleralter.txt whenever an ALLOW/DENY or UNBLOCK is performed.

Then the options for resellers.

Details

# USE        - The reseller can use this facility through WHM (required)
# UNBLOCK    - The reseller can use the Quick Unblock feature
# GREP       - The reseller can use the Search IP feature
# ALLOW      - The reseller can use the Quick Allow feature
# DENY       - The reseller can use the Quick Deny feature

RECOMMEND: For security reasons, we recommend only allowing resellers USE,UNBLOCK and GREP

Please make sure that you have enabled the following option through WHM.

To use this feature for a WHM reseller, you need to enable the “ConfigServer Security & Firewall (Reseller UI)” through WHM as root. Please do follow the steps to enable “ConfigServer Security & Firewall (Reseller UI)” through WHM.

1, Log into WHM as root.
2, Move to “Home » Resellers » Edit Reseller Nameservers and Privileges”
3, Select the reseller.
4, Under “Third Party Services”.
5, Tick on “ConfigServer Security & Firewall (Reseller UI)” and save it.

Please see the image below:

reseller

That’s it!

Related posts

1, CSF commands for Unix/Linux servers
2, Install and configure csf on CentOS
3, Csf command not found in WHM/cPanel server

, ,

Post navigation

Arunlal A

Senior System Developer at Zeta. Linux lover. Traveller. Let's connect! Whether you're a seasoned DevOps pro or just starting your journey, I'm always eager to engage with like-minded individuals. Follow my blog for regular updates, connect on social media, and let's embark on this DevOps adventure together! Happy coding and deploying!

One thought on “Enabling CSF managing privilege for WHM resellers

  1. I’m not sure when it started, but in v68.0.10 the options for CFS are no longer found in “Edit Reseller Nameservers and Privileges” unfortunately.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *