Configuring messenger csf

The CSF (ConfigServer Firewall) messenger is a feature which displays a specific warning page to a user if they are blocked in the firewall.

It is the most commonly used firewall to secure Linux Servers which helps to block bruteforce attacks, sync attacks, small DOS attacks etc.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our customers to implement Security and Firewall configuration on their Server.

In this context, we shall look into the steps to take to configure CSF messenger.

The importance of setting up CSF Messenger?

CSF Messenger is very important to clients to prevent unexpected lock out from the system protected by CSF firewall.

When an IP is blocked, Email and website services might become unavailable to users. In cases where an warning notification is not set to advice a user of such an IP block, the user might not know the cause of the problem.

This is why it is recommended for a system to be configured with a warning message to notify the user when blocked by the firewall.

CSF is very powerful tool in that it is capable of specifying the exact information about the IP address to make it easy for such issues to be fixed.

Additionally, CSF messenger has an reCAPTCHA option which helps to verify that the user is actually a human. In this case once verified, the system unblocks the IP address automatically.

How to configure CSF Messenger?

It is very easy to Install and configure CSF firewall. 

In this guide, we shall look into two different methods to implement CSF messenger as will be shown.

i. CSF implementation through the Command line?

To implement CSF messenger via the command line, Log into your Server and then run the command below;

cp /etc/csf/csf.conf{,.backup} && csf -u && sed -i 's/MESSENGER = "0"/MESSENGER = "1"/g' /etc/csf/csf.conf ; sed -i 's/MESSENGERV2 = "0"/MESSENGERV2 = "1"/g' /etc/csf/csf.conf ; sed -i 's/MESSENGER_HTTPS_IN = ""/MESSENGER_HTTPS_IN = "443"/g' /etc/csf/csf.conf ; useradd csf -s /bin/false ; csf -ra

What this command will do is;

i. To backup the configuration file of CSF.

ii. To update CSF to the latest version.

iii. Implement the necessary configuration file changes.

iv. Restarting the CSF services to enable the messenger feature.

Now the CSF messenger feature will be enabled.

ii. CSF implementation through WHM interface?

From the Terminal emulated page, enter the command on the command line followed by pressing enter;

useradd csf -s /bin/false

Next, navigate to the CSF configuration settings page in WHM, select the "Plugins" category, and then click on "ConfigServer Security & Firewall". After that, click on the CSF tab, and then click on the "Firewall Configuration" button.

Then, at the top of the Firewall Configuration page, click on the selection drop-down menu, scroll to the bottom and click on "Messenger Service", then modify the value from "OFF" to "ON" for the option MESSENGER =.

Next, scroll down to the end of the page and click on the button "Change". 

To effect changes, click on the "Restart csf+lfd" button to restart the CSF service.

Adding reCAPTCHA option

Start by creating the Recaptcha keys from Google official Recaptcha website .

Ensure that you untick the option "Domain Name Validation".

Once the recaptcha is created, copy the keys to the CSF configuration to implement it in your system as shown below;

RECAPTCHA_SITEKEY = "add the site key here"
RECAPTCHA_SECRET = "add secure key here"

Need support in configuring CSF Messenger? We are available to help you.


This article will show you how to set up CSF Messenger via command line.