How to Install a Firewall on Your Website
The term firewall is often used in web hosting without much of an explanation. In simple terms, a firewall is a digital wall protecting a computer that allows legitimate users in and repels any unwanted invaders.
This is in effect what happens with the computer firewall. Unfortunately though, your assailants are more resourceful than the bungling villains on Batman and, given enough time, will find a way past the defenses.
That said, firewalls are essential because they hold off any but the most determined attackers.
If you are on a shared server, your host should already have a firewall installed. There are both hardware and software firewalls, and shared hosts should automatically install both.
If you are on a Virtual Private Server (VPS) or dedicated server, your host should have provided a hardware firewall that is built in to the router. Your host may or may not have switched on a software firewall for you, so you should check with the host or examine your control panel to see if a software firewall is running.
With cPanel, you cannot install a software firewall unless you have access to the backend administration panel called web Host Manager (WHM). You should have access to WHM if you are using cPanel on a VPS or dedicated server.
Use the following steps to check in WHM to find out if you have a firewall installed:
Log into WHM using the details your host provided.
Scroll to the bottom of the page.
Look for a heading named Plugins in the menu on the left.
Look for ConfigServer Security & Firewall (CSF) in the Plugins section.
CSF is the default firewall for WHM and should be listed under Plugins.
It is possible that your host may have installed a different firewall program. If that is the case then that firewall should be listed under Plugins.
If your server is not running a software firewall, follow the install instructions at www.mysql-apache-php.com/csf-firewall.htm.
After CSF is installed and running, you should go back to the WHM Plugins section and click CSF.
Look at a couple of things in here:
Click the Check Server Security button. When you click the button, you see some of the areas where your server may be vulnerable to attack. Go through each one individually and close any holes you can. You may need to leave some holes open because of the website software you’re running, depending on what facilities your website needs.
Click the Firewall Security Level button and select the level of firewall security you require. Most websites run with a medium or even high level of security selected. The easiest way to find out is to select High and test your website for functionality. If it is functioning correctly, then leave the security on high; otherwise, turn it down to medium and try again.
If there is an Upgrade button, click it. This installs the latest updates to the firewall system, which are essential for keeping the firewall as up-to-date as possible to afford you the highest level of protection it can.
CSF also provides options to allow or deny certain IP addresses and to show the status of the firewall and restart it if necessary.
It is wise to tell CSF to allow access from your IP address. If you don’t allow access from your IP address, then sometimes CSF will think that you are an attacker and will lock you out. Use the following steps to quickly allow CSF access from your IP address:
Go to www.whatsmyip.org.
The site tells you at the top of the page what your Internet IP address is.
Copy the IP address.
Go back to the CSF manager in WHM and scroll down to Quick Allow.
Paste your IP address into the green box and press Enter.
You can do this for any IP address that you know requires access to the server. Taking this action will save headaches in the future.
A server firewall is not enough for complete security. Ensure that you have a firewall installed on any computer you use to access the server. If you have an internal network at your office, then each computer should have its own firewall to help prevent the spread of any viruses that do get through.