How to configure CSF for DDoS mitigation

Introduction

ConfigServer Firewall (CSF) has built-in features that assist with DDoS mitigation.

Please note that there is no way to prevent a DDoS attack against any server connected to the Internet. Mitigating an attack at the server will have limited effectiveness since the attack has to reach the server to be mitigated. You should contact your network provider to mitigate a DDoS attack so that the attack doesn't reach your server.

Procedure

Please note that CSF is a third-party product that cPanel does not support. Please consult with your system administrator or security administrator for specific configuration values.

1. Log into WHM as the 'root' user.
2. Navigate to "Home / Plugins / ConfigServer Security & Firewall."
3. In the "csf - ConfigServer Firewall" section, click the "Firewall Configuration" button.
4. Scroll down to the "Connection Tracking" section.
5. Enter the desired value in the "CT_LIMIT" textbox.
6. Set "CT_EMAIL_ALERT" to "Off" to avoid overloading the email server.
7. Enter the ports being attacked in the "CT_PORTS" textbox.
8. Scroll down to the "Port Flood Settings" section.
9. Set "SYNFLOOD" to "On."
10. Enter the desired value in the "SYNFLOOD_RATE" textbox.
11. Enter the desired value in the "SYNFLOOD_BURST" textbox.
12. Scroll to the bottom of the page.
13. Click the "Change" button.
14. Click the "Restart csf+lfd" button.