Results 1 to 6 of 6
  1. #1
    Join Date
    Jun 2013

    Shared Hosting Server - Best CSF conf

    Hi all,

    Anyone got an example of ports to allow/deny that is ideal for a shared server?

    Currently using CSF with ports allowed for cPanel etc..

    Get a few issues with customers trying to connect to external db's etc on non stadard ports. Do you even block out going?

  2. #2
    Join Date
    Apr 2007
    US, UK, Europe, ME
    Yes, It's highly recommended to filter both inbound & outbound connections. You just need to open the ports that you are using and what is needed for everything to function properly and nothing else.

  3. #3
    Join Date
    Mar 2005
    Well, the best bet is to use the appropriate CSF template and then update/modify as you require for your situation.
    CPanel Shared and Reseller Hosting, OpenVZ VPS Hosting. West Coast (LA) Servers and Nodes
    Running Linux since 1.0.8 Kernel!
    Providing Internet Services since 1995 and Hosting Since 2004

  4. #4
    Join Date
    Jul 2013
    You only need to keep open the ports your server services need it otherwise you should close it. If your customer need some non-standard port to open, you should ensure the port is not used for malicious purpose.

  5. #5
    Join Date
    Nov 2004
    Quote Originally Posted by cerrie View Post
    Get a few issues with customers trying to connect to external db's etc on non stadard ports. Do you even block out going?
    Yes - also highly recommend block outgoing. You can specifically enable those ports you want to allow out. A block on outgoing prevents a lot of exploits from working, as when they try to "dial home" they can't connect.

    You could enable port 3306 (MySQL) to certain locations, but a more secure way to do it is to put the IP you are connecting to into csf.allow (or run csf -a IP), which enables connection to all ports on that server. I believe you can allow just one port through as well; also you can allow dynamic DNS addresses through a different mechanism (csf.dyndns file I believe).

  6. #6
    I recommend to filter inbound, outbound is required by some application to update, to call web service, etc ... Furthermore, too many rules will slow down your network performance.

Similar Threads

  1. Manual edit csf firewall csf.allow or csf.ignore?
    By hostyourdream in forum Hosting Software and Control Panels
    Replies: 8
    Last Post: 09-14-2015, 06:31 PM
  2. DNS issues rndc.conf & named.conf
    By zooserve in forum Hosting Security and Technology
    Replies: 5
    Last Post: 04-09-2009, 02:29 AM
  3. CSF conf settings on new version
    By hbhb in forum Hosting Security and Technology
    Replies: 3
    Last Post: 06-04-2008, 06:46 AM
  4. Replies: 1
    Last Post: 05-14-2003, 01:46 PM
  5. editing the /apache/conf/httpd.conf in Cpanel by any user?
    By Ironlung in forum Web Hosting Lounge
    Replies: 0
    Last Post: 11-09-2001, 02:25 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts