By default, cPFence automatically whitelists your Enhance Main Control Panel in the WAF to prevent any interference with its functionality. You can manually verify or reapply the rule if needed by following the guide below.
Verify the Whitelist Rule for Your Enhance Main Control Panel
To check if your Enhance Main CP is already whitelisted in the WAF, run:
tail -n 2 /opt/cpfence/app/cpfwaf/Whitelist_Rules.confYou should see an entry similar to this:
# Whitelist rule to exclude Enhance control panel from all rules
SecRule REQUEST_HEADERS:Host "@streq your.maincp.com" "id:1000,phase:1,pass,nolog,ctl:ruleEngine=Off"What to Do If the Rule Is Missing?
If the rule is missing, restart cPFence to reapply the default whitelist:
cpfence --restart⚠️ Do not manually add the rule, as it will be automatically overwritten during updates.
Whitelist Your Enhance Cluster’s IPs
In addition to WAF whitelisting, it is highly recommended to whitelist all your Enhance servers' IPs across your cluster to avoid connectivity issues.
Follow this guide for step-by-step instructions:
How to Whitelist Your Enhance Cluster’s IPs in cPFence
Need Further Assistance?
If you encounter any issues or need additional help, feel free to reach out to our support team via your client portal.
