Opening Ports in WHM Using ConfigServer Firewall


By default, the ConfigServer Firewall (CSF) on your WHM installation allows connections to a number of ports that each serve a specific purpose. If you haven’t yet installed CSF, here is a step-by-step guide on how to do so. Any port that isn’t on the list of those allowed by CSF is automatically blocked. We’ve already seen how to unblock and disable IP addresses from within CSF. But frequently, we need to open up specific ports to enable an application to work. Different services listen on different port numbers – each of them being like a door with an address on it.

Luckily for us, CSF has an extremely simple method of opening up any given port, either via the GUI or through SSH. Let’s take a look at how to do this from scratch.

Changing the Apache Port

By general consensus, all HTTP traffic takes place over port 80 unless otherwise specified. When you type a web address into your browser without any additional port information, it sends the request to port 80 as a matter of course. Similarly, web servers listen on port 80 from the get-go without any additional configuration. It’s a standard that allows clients and servers to talk to each other easily without negotiating a port beforehand.

So let’s change this up a little bit and modify our WHM installation to listen on a custom port instead. The way I do this is by logging into my WHM dashboard and selecting “Tweak Settings” from the left-hand side menu bar as shown here:

[Screenshot: change port]

As seen in the screenshot above, under the “System” section, we can change the port on which Apache listens with the variable “Apache non-SSL IP/port”. I’ve selected the second radio button, allowing me to enter a custom value. I choose something like “1234”. After I save my changes, Apache is no longer listening on port 80. This means that if I try to access my website without any additional information, I receive an error message, since the client (my browser) is attempting to communicate on port 80 when nothing is listening there.

[Screenshot: not available]

Opening up the New Port in CSF

The way to access my website now is to append the port number to every URL in my browser. So I should be able to access it using the following:

www.ihavetoretire.com:1234

However, there is one problem – my CSF firewall hasn’t been configured to allow incoming connections on port 1234. In this section, I’m going to change that. As before, log into your WHM dashboard and locate the CSF configuration page named “ConfigServer Security & Firewall” as shown below.

[Screenshot: firewall configuration]

In the second section on the right-hand side, click “Firewall Configuration” as demonstrated in the screenshot. This is nothing but an easy-to-edit view of the csf.conf file. Using the search functionality on the resulting page, find the setting labeled TCP_IN. This is a text field with a comma-separated list of the TCP ports that CSF opens to incoming connections. I’m now going to add my custom port 1234 to the list as well:

[Screenshot: add 1234 port]

After making your changes, scroll all the way down to the bottom of the page and hit the “Change” button. This makes the changes to csf.conf, but doesn’t implement them yet. In order to complete the process, you’re going to have to restart CSF and LFD as shown here.

[Screenshot: restart]

With these changes made, port 1234 should now be open to incoming connections. So I fire up my web browser and enter the URL of my website with the port number appended. As expected, my page now displays as before:

[Screenshot: working with 1234 port]

Make sure that you don’t open any unnecessary ports in CSF: keeping the list of open ports short is a crucial part of maintaining security on your WHM web server. But if you have an application that you want to connect to over a customized port, this is how you go about enabling it.
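
The same TCP_IN change can be made over SSH instead of through the GUI. The script below is an added example, not part of the original post or of CSF itself: the function names are hypothetical, the demo file is constructed sample data, and it assumes the TCP_IN line has the quoted, comma-separated form described above.

```shell
#!/bin/sh
# Added example (not from the original post): allow a TCP port in csf.conf over SSH.

# Print the port list between the quotes on the TCP_IN line of file $1.
csf_tcp_in() {
    sed -n 's/^TCP_IN[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Append port $2 to TCP_IN in file $1 unless it is already listed.
# Returns 0 on success or no-op, 1 if TCP_IN is missing, 2 on a bad port.
csf_allow_tcp_in() {
    conf=$1
    port=$2
    # Accept 1-5 digits without a leading zero, then range-check.
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    [ "$port" -le 65535 ] || { echo "invalid port: $port" >&2; return 2; }
    current=$(csf_tcp_in "$conf")
    [ -n "$current" ] || { echo "TCP_IN missing or empty in $conf" >&2; return 1; }
    # Compare whole list items so that 123 does not match 1234.
    # Ranges such as 30000:35000 are not expanded here.
    case ",$current," in
        *",$port,"*) return 0 ;;
    esac
    # Keep a backup, then rewrite only the TCP_IN line.
    cp -p "$conf" "$conf.bak" || return 1
    sed "s/^\(TCP_IN[[:space:]]*=[[:space:]]*\"[^\"]*\)\"/\1,$port\"/" "$conf.bak" > "$conf"
}

# Demo on a constructed file; the port lists are sample data, not CSF's defaults.
demo_conf=$(mktemp)
printf '%s\n' 'TCP_IN = "22,80,443,2087"' 'TCP_OUT = "22,80,443"' > "$demo_conf"
csf_allow_tcp_in "$demo_conf" 1234
csf_tcp_in "$demo_conf"    # 22,80,443,2087,1234
rm -f "$demo_conf" "$demo_conf.bak"

# On the server (as root): csf_allow_tcp_in /etc/csf/csf.conf 1234
# then reload the firewall rules with `csf -r` and restart lfd.
```

Running `csf_tcp_in /etc/csf/csf.conf` on its own prints the current list, which is a quick way to review which ports are open before adding another.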
