Server Setup

How to whitelist / unban a user in unmanaged Citrus Stack server

by ,


We have by far the largest RPM repository with dynamic stable NGINX modules and VMODs for Varnish 4.1 and 6.0 LTS. If you want to install NGINX, Varnish, and lots of useful modules for them, this is your one-stop repository to get all performance-related software.
You have to maintain an active subscription in order to be able to use the repository!

You’d rarely have to do anything about maintaining a healthy state of a Citrus Stack server. It is self healing, and secure from brute force attacks.

However, when you share access with developers, a frequent problem is that the server would automatically ban them.
This happens for a few reasons:

  • Repetitive failed attempts to login to your website’s backend
  • Use of SSH agent program on developer’s machine, which tries to login multiple times using different SSH keys (counts as failed login attempt)

Multiple attempts to login, and multiple records of this bad behaviour, will yield a nearly permanent ban in server’s firewall (recidive filter).

So in general, you may want to whitelist known trusted IPs from being automatically banned.

Steps to whitelist an IP from auto-banning

Connect to SSH using sudo user, which is by default centos (check your Server Guide for credentials).

Once connected, run:

sudo nano /etc/fail2ban/jail.local

Locate the line that reads ignoreip = 127.0.0.1/8 ...

Edit that line by prepending a whitespace and the IP you want to whitelist right after. The final line should look like this:

ignoreip = 127.0.0.1/8 1.2.3.4

Where 1.2.3.4 is the IP address that you want to whitelist.

Now, to apply the change, run:

sudo systemctl restart fail2ban

If the IP was already banned, the above command will unban it. And it will also make sure to not ban it again, should the IP make failed login attempts repeatedly.

Want things to be even more secure and have these changes done by professional support? Subscribe for Linux server management by GetPageSpeed.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.