How to block an IP(IP range) in CSF

You find a bad IP and want to block it? You can easily block it with CSF.

ConfigServer Security & Firewall (csf) is a very used firewall for cPanel servers. Download it from

You can block an IP/IP range from WHM or from the server bash.

Block an IP from WHM:

    1. Log in to WHM as root.
    2. Navigate to Plugins section, then to ConfigServer Security & Firewall
      whm csf
    3. Look for the Quick Deny section/button. Enter the IP/IP range in the red edit box. If you want, you can also add a comment in the next edit box.
      csf quick deny
    4. Click the Quick Deny button.
    5. The IP will be added to the block list – /etc/csf/csf.deny file – and you will see a confirmation message:
      csf add ip
    6. Click the Return button to return to the CSF main page.

Block an IP from server bash:

  1. Log in to the server via SSH as root
  2. Use the command: csf -d IP
    csf -d

    You can also block IP blocks, like:

    csf -d
    csf -d
Share this post: