CSF firewall is available free and most cPanel users might have a copy because it is free? Today, I’m sharing my experiences. Not on how you install CSF or what are the items but opinions on hows the firewall serves its purposes.
For the last decade, CSF has been the part and parcel of cPanel users. However, I’m not actually fond of installing CSF. It is not that CSF has not served its purpose, it is all about individual perception and expectation. why? Let me shares;
a. I have seen CSF in test mode since day one. If you have installed CSF, you will know CSF is in TEST mode by default.
b. Block everyone in the office, cannot send and receive emails. So if your coworkers are sharing the internet through the same router, shared public IP address will be blocked if someone has entered the wrong password a few times.
c. No or non-optimised settings on CSF. Users have left the settings by default or minimum settings were done because they are difficult to understand in layman terms.
So, my experiences are never good with CSF installed. 90% of the time, require troubleshooting if someone has installed CSF. If you have a fully managed hosting service or you have planned to sacrifice your personal time (as they can be very time consuming) to adjust and tweak it.
This is commonly found in a WHM / cPanel VPS or dedicated server. Actually, CSF is effective and it is free. A lot of server admin will install them as soon as they have received it. But seriously speaking, how many users know how to tweak and optimise the performance. Honestly, very few and I always see people left them in auto-pilot mode and full stop. So what is CSF? Yes, it is a firewall and it is software based. It is installed onto the server.
There is nothing wrong to install a piece of free and useful software. Wait for a second, did I just say it was useful? In certain extent, it is a Yes. But I have seen many cases, CSF is added burden to the user.
I have seen many as I have said, they simply install and turned on the firewall. If you are doing this, you might accidentally block good users or in the worst situation, you are blocked. When such a thing has happened, may have treated the service is not available and it can be frustrating especially it has happened often. There is the case, like packet loss when you are pinging the server IP or domain name. This is because of CSF. Simply turn it off and everything is back to normal.
Don’t get me wrong, CSF is useful but you need to know how to use it. Without, it can be a hassle for you. So I never buy an idea like installing a software firewall on the server. Actually, if the attacks come, the firewall will eat up the resources on the server and eventually the server performance is affected. But a web firewall like Sucuri Firewall Pro does not install onto the server, it has offloaded the server and because of many distributed points, it helps to speed up a website if you are staying further from the source of the website.