KNOWNHOST WIKI

User Tools

Site Tools


control-panels:cpanel-whm:i-cannot-access-sites-or-server-looks-like-my-ip-address-got-blocked-on-server-what-can-be-done

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
control-panels:cpanel-whm:i-cannot-access-sites-or-server-looks-like-my-ip-address-got-blocked-on-server-what-can-be-done [2015/01/12 15:06]
Jonathan W.
control-panels:cpanel-whm:i-cannot-access-sites-or-server-looks-like-my-ip-address-got-blocked-on-server-what-can-be-done [2016/10/21 15:44] (current)
mscherf rewrote to avoid non-existent Power Panel
Line 1: Line 1:
 ====== I cannot access my server - I think my IP got blocked by the firewall ====== ====== I cannot access my server - I think my IP got blocked by the firewall ======
-{{howhard>​3}} 
-You need to stop server firewall momentarily to access the server or WHM. You can stop the server firewall from Power Panel. Under //Container Services >> System Services//, select //​iptables//​ and stop the service. 
  
-You need to remove ​your IP address ​from firewall then. For that, access ​//WHM >> ​Plugins ​>> ​ConfigServer Security&​Firewall// and specify your IP address ​in "Quick Unblock"​. ​After this, you can start the server firewall ​from Power Panel.+{{howhard>​4}} 
 + 
 +If your public-facing IP address has been blocked in the firewall, the firewall block will need to be removed before you will be able to access the server normally. On a VPS, there is a [[my-knownhost:​manage-services:​vps-control:​java-console|Console]] available to you for this purpose. But if your server is a Dedicated Server,((or if you prefer we check the firewall for you)) you will need to [[support:​how-do-i-submit-a-ticket|open a Support Ticket]] for assistance. 
 + 
 +In order to unblock ​your IP address, you will first need to know what IP address to be checking for. If you need us to check the firewall ​for you, we also will need to know your IP address. Here are examples of websites that will tell you your current public-facing IP address: 
 + 
 +  * http://​www.whatsmyip.org/​ 
 +  * http://​ifconfig.ca/​ 
 +  * http://​ip4.me/​ 
 + 
 +If you have a VPS, the first step is to open the VPS Console. [[my-knownhost:​manage-services:​vps-control:​java-console|This article]] explains how to do that. 
 + 
 +Once you are logged in via the VPS Console, it is time to remove the firewall block. First, check whether your server has csf installed. Most of our servers do, but if you are not sure, you can check using ''​%%which%%''​. If you have csf installed in your server, the results should look like this: 
 + 
 +<​code>​ 
 +root@host [/]# which csf 
 +/​usr/​sbin/​csf 
 +</​code>​ 
 + 
 +===== Checking via CSF ===== 
 + 
 +If you have csf, then you can use the csf commandline options to unblock your IP, once you know whether it is a temporary or permanent blockThat can be done with the ''​%%-g%%''​ option. Remember to replace the IP address in the command with your current public-facing IP address((or the IP address of whoever you are checking for, if it is not you that is blocked)) 
 + 
 +==== Temporary Blocks ==== 
 + 
 +If the block is a temporary blockthe results will look like this: 
 + 
 +<​code>​ 
 +root@host [/]# csf -g 185.141.24.73 
 + 
 +Chain            num   pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​         
 + 
 +DENYIN ​          ​4 ​    ​3640 ​ 218K DROP       ​all ​ --  !lo    *       ​185.141.24.73 ​       0.0.0.0/
 + 
 +Temporary Blocks: IP:​185.141.24.73 Port: Dir:in TTL:604800 (lfd - 185.141.24.73 (RO/​Romania/​kylesun2.ampnode.com),​ more than 60 Apache 403 hits in the last 86400 secs) 
 +</code> 
 + 
 +The last line gives some information about the reason the IP was blocked, which can give you clues on which additional logs may need to be checked. But the block itself can be removed as follows: 
 + 
 +<code> 
 +root@host [/]# csf -tr 185.141.24.73 
 +csf: 185.141.24.73 temporary block removed 
 +csf: There are no temporary IP allows 
 +</code> 
 + 
 +We can check for the IP again to make sure the block was removed: 
 + 
 +<code> 
 +root@host [/]# csf -g 185.141.24.73 
 + 
 +Chain            num   pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​         
 +No matches found for 185.141.24.73 in iptables 
 +</code> 
 + 
 +If we want to see more details on why the IP was blocked, we will need to check the server logs. In this case it was due to having made too many http requests that resulted ​in status ​"403: Forbidden" 
 + 
 +==== Permanent Blocks ==== 
 + 
 +Permanent blocks use a different command for removalHere is an example of the search results for an IP that had a permanent block: 
 + 
 +<​code>​ 
 +root@host [/]# csf -g 109.74.151.158 
 + 
 +Chain            num   pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​         
 + 
 +DENYIN ​          ​1 ​       0     0 DROP       ​all ​ --  !lo    *       ​109.74.151.158 ​      ​0.0.0.0/​0 
 + 
 +DENYOUT ​         1        0     0 LOGDROPOUT ​ all  --  *      !lo     ​0.0.0.0/​0 ​           109.74.151.158 
 + 
 +csf.deny: 109.74.151.158 # lfd: (PERMBLOCK) 109.74.151.158 (SK/​Slovakia/​109.74.151.158.host.vnet.sk) has had more than 1 temp blocks in the last 604800 secs - Thu Sep  1 15:35:27 2016 
 +</​code>​ 
 + 
 +Note how the last line starts with "​csf.deny"​ instead of "​Temporary Blocks"​. In this case if we want to remove the block, we use this command: 
 + 
 +<​code>​ 
 +root@host [/]# csf -dr 109.74.151.158 
 +Removing rule... 
 +</​code>​ 
 + 
 +As before, we can check to make sure the removal worked: 
 + 
 +<​code>​ 
 +root@host [/]# csf -g 109.74.151.158 
 + 
 +Chain            num   pkts bytes target ​    prot opt in     ​out ​    ​source ​              ​destination ​         
 +No matches found for 109.74.151.158 in iptables 
 +</​code>​ 
 + 
 +As before, if we want to see why the IP had been blocked, we would need to check the server logs. We can see in this case that a permanent block was assigned due to having too many temporary blocks against it, but in this case it happened so long ago that the relevant logs have all rotated, and we will not be able to find the original reason. 
 + 
 +==== Other ==== 
 + 
 +If your server is using the CSF/LFD firewall, but your IP address does not show any results when searching for blocks, then it is not an IP-block causing the connection issues. It may be worth checking if the needed ports are open, but it might also be that something other than the firewall is blocking you. If you want to rule out csf as the cause, you can //​temporarily//​ disable it. However, we strongly recommend before trying this that instead you [[support:​how-do-i-submit-a-ticket|open a Support Ticket]]. 
 + 
 +<WRAP important>​ Do //not// leave csf disabled for any longer than is needed. This is meant **only** as a troubleshooting measure, both //​temporary//​ and //brief//. </​WRAP>​ 
 + 
 +If you want to //​temporarily//​ disable the firewall, to check if that makes the difference between whether you are able to access ​the server, you can use this command: 
 + 
 +<​code>​ 
 +# csf -x 
 +</​code>​ 
 + 
 +It is important to re-enable the firewall ​again as quickly as possibleThat can be done as follows: 
 + 
 +<​code>​ 
 +# csf -e 
 +</​code>​ 
control-panels/cpanel-whm/i-cannot-access-sites-or-server-looks-like-my-ip-address-got-blocked-on-server-what-can-be-done.txt · Last modified: 2016/10/21 15:44 by mscherf