DDOS Prevention Settings in CSF firewall

By on December 13th, 2016

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are common threats that every publicly accessible web server faces. PORTFLOOD and SYNFLOOD are the two directives in CSF firewall to prevent DDOS. SYNFLOOD is disabled by default, but if you are expecting an attack you should enable it and set the rules. Follow the instructions below in order to utilize SYNFLOOD properly.


1)  Login to your WHM interface.

2) Select Plugins (Home >> Plugins).

DDOS prevention


3) Select the icon ‘ConfigServer Security & Firewall’.

DDOS prevention


4) Click on the option ‘Firewall configuration’.

DDOS prevention


5) Change the SYNFLOOD settings like,




SYNFLOOD_RATE: Number of SYN packets to accept per IP, per second.

SYNFLOOD_BURST: Number of times the IP can hit the rate limit before being blocked in the firewall.

DDOS prevention


6) To enable PORTFLOOD settings, change the settings as like the below screenshot:



7) Restart csf.


If you need any further help, please do reach our support department

One Response to “DDOS Prevention Settings in CSF firewall”

  1. galih rezah says:

    i have try on my server.. but still get SYN_RECV, have set to 1/s

Leave a Reply