How do I configure DDoS mitigation in ConfigServer Firewall (CSF)?

Question

How do I configure DDoS mitigation in ConfigServer Firewall (CSF)?

Answer

Note: The cPanel technical support team cannot modify the firewall configuration on your behalf. If you require assistance making these changes, please consult with a qualified system administrator. 

1. Log in to WHM as the root user.
2. Navigate to Home / Plugins / ConfigServer Security & Firewall.
3. In the csf - ConfigServer Firewall section, click the Firewall Configuration button.
4. Scroll down to the Connection Tracking section.
5. Enter the desired value in the CT_LIMIT textbox.
6. Set CT_EMAIL_ALERT to Off to avoid overloading the email server.
7. Enter the ports being attacked in the CT_PORTS textbox.
8. Scroll down to the Port Flood Settings section.
9. Set SYNFLOOD to On.
10. Enter the desired value in the SYNFLOOD_RATE textbox.
11. Enter the desired value in the SYNFLOOD_BURST textbox.
12. Scroll to the bottom of the page.
13. Click the Change button.
14. Click the Restart csf+lfd button.

Additional Resources

cPanel will provide its own fork of CSF starting Feb 25th, 2026