fbpx

Server Setup

How to whitelist / unban a user in unmanaged Citrus Stack server

by ,


We have by far the largest RPM repository with NGINX module packages and VMODs for Varnish. If you want to install NGINX, Varnish, and lots of useful performance/security software with smooth yum upgrades for production use, this is the repository for you.
Active subscription is required.

You’d rarely have to do anything about maintaining a healthy state of a Citrus Stack server. It is self healing, and secure from brute force attacks.

However, when you share access with developers, a frequent problem is that the server would automatically ban them.
This happens for a few reasons:

  • Repetitive failed attempts to login to your website’s backend
  • Use of SSH agent program on developer’s machine, which tries to login multiple times using different SSH keys (counts as failed login attempt)

Multiple attempts to login, and multiple records of this bad behaviour, will yield a nearly permanent ban in server’s firewall (recidive filter).

So in general, you may want to whitelist known trusted IPs from being automatically banned.

Steps to whitelist an IP from auto-banning

Connect to SSH using sudo user, which is by default centos (check your Server Guide for credentials).

Once connected, run:

sudo nano /etc/fail2ban/jail.local

Locate the line that reads ignoreip = 127.0.0.1/8 ...

Edit that line by prepending a whitespace and the IP you want to whitelist right after. The final line should look like this:

ignoreip = 127.0.0.1/8 1.2.3.4

Where 1.2.3.4 is the IP address that you want to whitelist.

Now, to apply the change, run:

sudo systemctl restart fail2ban

If the IP was already banned, the above command will unban it. And it will also make sure to not ban it again, should the IP make failed login attempts repeatedly.

Want things to be even more secure and have these changes done by professional support? Subscribe for Linux server management by GetPageSpeed.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.