{"id":31579,"date":"2019-11-07T15:26:43","date_gmt":"2019-11-07T21:26:43","guid":{"rendered":"https:\/\/www.rosehosting.com\/blog\/?p=31579"},"modified":"2022-06-03T03:33:21","modified_gmt":"2022-06-03T08:33:21","slug":"how-to-configure-a-firewall-with-csf-on-debian-9","status":"publish","type":"post","link":"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/","title":{"rendered":"How to Configure a Firewall with CSF on Debian 9"},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div><p><img decoding=\"async\" class=\"alignnone size-full wp-image-31644\" src=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/how-to-configure-a-firewall-with-csf-on-debian9.jpg\" alt=\"\" width=\"742\" height=\"372\" srcset=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/how-to-configure-a-firewall-with-csf-on-debian9.jpg 742w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/how-to-configure-a-firewall-with-csf-on-debian9-150x75.jpg 150w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/how-to-configure-a-firewall-with-csf-on-debian9-300x150.jpg 300w\" sizes=\"(max-width: 742px) 100vw, 742px\" \/><\/p>\n<p>In this article, we will show you how to install and configure the CSF firewall on a <a href=\"https:\/\/rosehosting.com\/debian-hosting.html\">Debian 9 VPS<\/a>, as well as go through some tips on how to use CSF.<\/p>\n<p><img decoding=\"async\" class=\"alignright size-full wp-image-31645\" src=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/guide-easy-install-configure-csf-on-debian9-vps.jpg\" alt=\"\" width=\"150\" height=\"150\" \/>ConfigServer Security &amp; Firewall (CSF) is a free and advanced firewall management tool based on iptables. CSF provides a high level of security on your server and is very straightforward, making it easy to set up and install on all supported Linux distributions. We will use Debian 9 which is among the supported Linux distributions. CSF has many great features such as port scanning, SYN floods and brute force attacks for many services that can help you protect your server. One of the very nice features on CSF is that it provides a built-in web UI for managing the firewall from a web browser. This UI integration is supported by cPanel, DirectAdmin, as well as working independently on your server.<\/p>\n<p>The CSF installation also comes with another service called Login Failure Daemon (LFD). LFD actually is a process that monitors the log files and sends email notifications based on the CSF configuration rules. Let&#8217;s begin with the installation.<!--more--><\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_65 counter-hierarchy ez-toc-counter ez-toc-transparent ez-toc-container-direction\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-662da06b5b670\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"ez-toc-cssicon\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-662da06b5b670\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#Step-1-Connect-to-your-server\" title=\"Step 1: Connect to your server\">Step 1: Connect to your server<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#Step-2-Install-CSFLFD\" title=\"Step 2: Install CSF\/LFD\">Step 2: Install CSF\/LFD<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#Step-3-Basic-Configuration\" title=\"Step 3: Basic Configuration\">Step 3: Basic Configuration<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#Step-4-CSFLFD-notifications\" title=\"Step 4: CSF\/LFD notifications\">Step 4: CSF\/LFD notifications<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#Step-5-Manage-CSF-from-the-Command-Line\" title=\"Step 5: Manage CSF from the Command Line\">Step 5: Manage CSF from the Command Line<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#Step-6-Enable-CSF-Firewall-Web-UI\" title=\"Step 6: Enable CSF Firewall Web UI\">Step 6: Enable CSF Firewall Web UI<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Step-1-Connect-to-your-server\"><\/span>Step 1: Connect to your server<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Before we begin, you need to connect to your server via SSH as the root user. Alternatively, you can use a user account with sudo privileges if you don&#8217;t have access to the root user. To do this, use the following command:<\/p>\n<pre>ssh root@<span style=\"color: #ff0000;\">IP_Address<\/span> -p <span style=\"color: #ff0000;\">Port_Number<\/span><\/pre>\n<p>of course, you will need to replace <code>IP_Address<\/code> and <code>Port_Number<\/code> with your actual server IP address and SSH port number.<\/p>\n<p>Once logged in, make sure that your server is up-to-date by running the following commands:<\/p>\n<pre>apt update\napt upgrade<\/pre>\n<h2><span class=\"ez-toc-section\" id=\"Step-2-Install-CSFLFD\"><\/span>Step 2: Install CSF\/LFD<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>After you have successfully updated your server, you can run the following commands to change the current directory to \/opt, download the latest CSF source code, and unpack it to the same directory.<\/p>\n<pre>cd \/opt\/\nwget http:\/\/download.configserver.com\/csf.tgz\ntar xzf csf.tgz<\/pre>\n<p>Before proceeding with the installation, make sure that you are not using another firewall such as UFW. The following two commands will change the directory to \/opt\/csf\/ and execute the installation script.<\/p>\n<pre>cd \/opt\/csf\nsh install.sh<\/pre>\n<p>The installation of the firewall is complete, but it is best to check if the iptables modules are available which are required for proper functioning on CSF. You can do that with the command:<\/p>\n<pre>perl \/usr\/local\/csf\/bin\/csftest.pl<\/pre>\n<p>Output:<\/p>\n<pre>Testing ip_tables\/iptable_filter...OK\nTesting ipt_LOG...OK\nTesting ipt_multiport\/xt_multiport...OK\nTesting ipt_REJECT...OK\nTesting ipt_state\/xt_state...OK\nTesting ipt_limit\/xt_limit...OK\nTesting ipt_recent...OK\nTesting xt_connlimit...OK\nTesting ipt_owner\/xt_owner...OK\nTesting iptable_nat\/ipt_REDIRECT...OK\nTesting iptable_nat\/ipt_DNAT...OK\n\nRESULT: csf should function on this server<\/pre>\n<p>If no fatal errors have been reported from your testing, the CSF firewall will work properly.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Step-3-Basic-Configuration\"><\/span>Step 3: Basic Configuration<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>If you want to configure the CSF firewall, you need to edit the configuration file &#8216;csf.conf&#8217;. In this tutorial, we will use nano as our editor, but you can freely use your favorite editor to edit the configuration file.<\/p>\n<pre>nano \/etc\/csf\/csf.conf<\/pre>\n<p>The first thing we need to check in the configuration files are the open ports on your server. Typically, by default, the most commonly used ports are already open, but sometimes we need to open a specific port on the server. The following list is of the default opened ports by CSF:<\/p>\n<pre># Allow incoming TCP ports\nTCP_IN = \"20,21,22,25,53,80,110,143,443,465,587,993,995\"\n\n# Allow outgoing TCP ports\nTCP_OUT = \"20,21,22,25,53,80,110,113,443,587,993,995\"\n\n# Allow incoming UDP ports\nUDP_IN = \"20,21,53\"\n\n# Allow outgoing UDP ports\n# To allow outgoing traceroute add 33434:33523 to this list\nUDP_OUT = \"20,21,53,113,123\"<\/pre>\n<p>If some of the default listed services are not being used on your server, the best practice is to close them. The less access there is to ports on your server, the better the security of your server becomes.<\/p>\n<p>CSF offers many different options in the configuration files. But we will only cover some of the most commonly used settings.<\/p>\n<p><strong>ICMP_IN<\/strong> &#8211; This option is to control the availability of your server from PING. By default, this setting is set to 1 so that it can allow all incoming PING requests. If you choose to disable this option, you will not be able to use an external monitoring system.<\/p>\n<p><strong>IGNORE_ALLOW<\/strong> &#8211; If you enable this option, LFD will ignore all IP addresses that are listed in the <code>csf.allow<\/code> file. This option can be useful if you use a static IP address at home or in your office and you can be sure that this IP address will never be blocked from the server&#8217;s firewall.<\/p>\n<p><strong>SYNFLOOD<\/strong>, <strong>SUNFLOOD_RATE<\/strong> and <strong>SYNFLOOD_BURST<\/strong> &#8211; This option should be used only if your server is under a SYN flood attack. Please note that it is not recommended to enable this option because it will significantly slow down your server, and some visitors may have a connection problem.<\/p>\n<p><strong>LF_ALERT_TO<\/strong> and <strong>LF_ALERT_FROM<\/strong> &#8211; This is where you define the email addresses that you want to use for alerts.<\/p>\n<p><strong>TESTING<\/strong> &#8211; By default, TESTING is set to 1. This means that CSF enables a CRON job that clears your iptables configuration in case of configuration problems when you start CSF. This is a precautionary measure that should help you avoid getting locked out of your server. Once you are completely sure that all the settings are OK, you can set the value to zero which will enable the LFD service.<\/p>\n<p>Once you define all the settings you prefer, you can save the configuration file and restart and enable the CSF and LFD services, which causes them to start automatically upon boot.<\/p>\n<pre>systemctl restart csf\nsystemctl enable csf\nsystemctl restart lfd\nsystemctl enable lfd<\/pre>\n<h2><span class=\"ez-toc-section\" id=\"Step-4-CSFLFD-notifications\"><\/span>Step 4: CSF\/LFD notifications<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>One of the many options of the CSF LFD are the various notifications that can help you monitor the events on your server. In this section of the article, we&#8217;ll show you how to activate or disable some of these notifications.<\/p>\n<p>We will start with the system integrity alerts that check for changes in certain system files. These notifications help to detect compromised files, but you will also receive emails when changes are made with legitimate system updates.<\/p>\n<p>You can leave these types of notifications if you want to track changes made to your system. If you have decided not to receive these notifications, you can disable them by finding the <strong>LF_INTEGRITY<\/strong> parameter in the csf.conf file and set its value to 0, or you can simply run the following command:<\/p>\n<pre>sed -i 's\/LF_INTEGRITY = \"3600\"\/LF_INTEGRITY = \"0\"\/g' \/etc\/csf\/csf.conf<\/pre>\n<p>The second type of notification that we would like to talk about is the excessive resource usage alert. These types of notifications are probably the most common. LFD has a feature that can monitor processes running on your server and send you emails if they use too many resources. The purpose of these notifications is to track the most intensive processes which can cause loading issues on the server. If you have decided not to receive these notifications, you can disable them by finding the <strong>PT_USERMEM<\/strong> and <strong>PT_USERTIME<\/strong> parameter in the csf.conf file and set its value to 0 or you can simply run the following commands:<\/p>\n<pre>sed -i 's\/PT_USERTIME = \"1800\"\/PT_USERTIME = \"0\"\/g' \/etc\/csf\/csf.conf\nsed -i 's\/PT_USERMEM = \"512\"\/PT_USERMEM = \"0\"\/g' \/etc\/csf\/csf.conf<\/pre>\n<p>The Process Tracking option examines suspicious executable files or opened network ports on your server. These notifications help to detect potentially exploitative processes, even if these processes appear as system services. If you have decided to not receive these notifications, you can disable them by finding the <strong>PT_LIMIT<\/strong> parameter in the csf.conf file and set its value to 0 or you can simply run the following SSH command:<\/p>\n<pre>sed -i 's\/PT_LIMIT = \"60\"\/PT_LIMIT = \"0\"\/g' \/etc\/csf\/csf.conf<\/pre>\n<p>The last type of notifications that we will cover in this article are the alerts about the IP block.<\/p>\n<p>CSF\/LFD has the power to block IP addresses for certain reasons. Each time the system blocks an IP address, you will be notified by email containing the IP address that was blocked and the reason why it was blocked. If you want to manage these types of notification you can open your csf.conf file and find the following options:<\/p>\n<p><strong>LF_EMAIL_ALERT<\/strong> &#8211; Send an email alert if an IP address is blocked by one of the [*] triggers<\/p>\n<p><strong>LF_PERMBLOCK_ALERT<\/strong> &#8211; If an IP address was blocked more than a few times (to configure, use <strong>LF_PERMBLOCK_COUNT<\/strong>) then this option will send an email notification when the IP address is permanently blocked.<\/p>\n<p><strong>LF_NETBLOCK_ALERT<\/strong> &#8211; If an IP network class was blocked, you will receive an email notification.<\/p>\n<p><strong>LF_DISTFTP_ALERT<\/strong> &#8211; If <strong>LF_DISTFTP<\/strong> is triggered, you will receive an email notification with IP addresses that have been blocked with a reason for being involved in an FTP distributed attack.<\/p>\n<p><strong>LF_DISTSMTP_ALERT<\/strong> &#8211; If <strong>LF_DISTSMTP<\/strong> is triggered, you will receive an email notification with IP addresses that have been blocked with a reason for being involved in an SMTP distributed attack.<\/p>\n<p><strong>LT_EMAIL_ALERT<\/strong> &#8211; If an account exceeds the number of daily logins per IP address, then you will receive an email alert.<\/p>\n<p><strong>CT_EMAIL_ALERT<\/strong> &#8211; If an IP address is blocked due to connectivity tracking, then you will receive an email alert. These types of email alerts are triggered by the <strong>CT_LIMIT<\/strong> feature. The\u00a0<strong>CT_LIMIT<\/strong> option is meant to protect your server from DOS attacks.<\/p>\n<p>If you choose not to receive these notifications, you can turn them off by finding them in the csf.conf file and setting their values to 0, or you can simply run the following commands:<\/p>\n<pre>sed -i 's\/LF_EMAIL_ALERT = \"1\"\/LF_EMAIL_ALERT = \"0\"\/g' \/etc\/csf\/csf.conf\nsed -i 's\/LF_PERMBLOCK_ALERT = \"1\"\/LF_PERMBLOCK_ALERT = \"0\"\/g' \/etc\/csf\/csf.conf\nsed -i 's\/LF_NETBLOCK_ALERT = \"1\"\/LF_NETBLOCK_ALERT = \"0\"\/g' \/etc\/csf\/csf.conf\nsed -i 's\/LF_DISTFTP_ALERT = \"1\"\/LF_DISTFTP_ALERT = \"0\"\/g' \/etc\/csf\/csf.conf\nsed -i 's\/LF_DISTSMTP_ALERT = \"1\"\/LF_DISTSMTP_ALERT = \"0\"\/g' \/etc\/csf\/csf.conf\nsed -i 's\/LT_EMAIL_ALERT = \"1\"\/LT_EMAIL_ALERT = \"0\"\/g' \/etc\/csf\/csf.conf\nsed -i 's\/CT_EMAIL_ALERT = \"1\"\/CT_EMAIL_ALERT = \"0\"\/g' \/etc\/csf\/csf.conf<\/pre>\n<p>Once the changes have been made, you need to restart CSF and LFD using the following systemctl commands:<\/p>\n<pre>systemctl restart csf \nsystemctl restart lfd<\/pre>\n<h2><span class=\"ez-toc-section\" id=\"Step-5-Manage-CSF-from-the-Command-Line\"><\/span>Step 5: Manage CSF from the Command Line<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>You can manage CSF from the command line or through the built-in Web User Interface. In this part of the tutorial, we will make a short list of useful commands that can help you manage CSF from your command line.<\/p>\n<p>Start, Stop and Restart\/Reload CSF:<\/p>\n<pre>csf -s : Start csf<\/pre>\n<pre>csf -f : Stop csf<\/pre>\n<pre>csf -r : Reload\/Restart csf<\/pre>\n<p>Allow an IP and add it to csf.allow (Whitelist an IP):<\/p>\n<pre>csf -a 123.45.67.89<\/pre>\n<p>Output:<\/p>\n<pre>Adding 123.45.67.89 to csf.allow and iptables ACCEPT...\nACCEPT all opt -- in !lo out * 123.45.67.89 -&gt; 0.0.0.0\/0 \nACCEPT all opt -- in * out !lo 0.0.0.0\/0 -&gt; 123.45.67.89<\/pre>\n<p>Remove and delete an IP from csf.allow:<\/p>\n<pre>csf -ar 123.45.67.89<\/pre>\n<p>Output:<\/p>\n<pre>Removing rule...\nACCEPT all opt -- in !lo out * 123.45.67.89 -&gt; 0.0.0.0\/0 \nACCEPT all opt -- in * out !lo 0.0.0.0\/0 -&gt; 123.45.67.89<\/pre>\n<p>Deny an IP and add to csf.deny (Blacklist an IP):<\/p>\n<pre>csf -d 123.45.67.89<\/pre>\n<p>Output:<\/p>\n<pre>Adding 123.45.67.89 to csf.deny and iptables DROP...\nDROP all opt -- in !lo out * 123.45.67.89 -&gt; 0.0.0.0\/0 \nLOGDROPOUT all opt -- in * out !lo 0.0.0.0\/0 -&gt; 123.45.67.89<\/pre>\n<p>Remove and delete an IP from csf.deny (Unblock IP address):<\/p>\n<pre>csf -dr 123.45.67.89<\/pre>\n<p>Output:<\/p>\n<pre>Removing rule...\nDROP all opt -- in !lo out * 123.45.67.89 -&gt; 0.0.0.0\/0 \nLOGDROPOUT all opt -- in * out !lo 0.0.0.0\/0 -&gt; 123.45.67.89<\/pre>\n<p>Remove and Unblock all IP addresses from csf.deny:<\/p>\n<pre>csf -df<\/pre>\n<p>Output:<\/p>\n<pre>DROP all opt -- in !lo out * 123.45.67.88 -&gt; 0.0.0.0\/0 \nLOGDROPOUT all opt -- in * out !lo 0.0.0.0\/0 -&gt; 123.45.67.88 \nDROP all opt -- in !lo out * 123.45.67.89 -&gt; 0.0.0.0\/0 \nLOGDROPOUT all opt -- in * out !lo 0.0.0.0\/0 -&gt; 123.45.67.89 \ncsf: all entries removed from csf.deny<\/pre>\n<p>Search for a pattern match in iptables e.g: IP, CIDR, Port Number:<\/p>\n<pre>csf -g 123.45.67.89<\/pre>\n<p>Output:<\/p>\n<pre>Table Chain num pkts bytes target prot opt in out source destination\nfilter DENYIN 1 0 0 DROP all -- !lo * 123.45.67.89 0.0.0.0\/0\nfilter DENYOUT 1 0 0 LOGDROPOUT all -- * !lo 0.0.0.0\/0 123.45.67.89<\/pre>\n<p>Displays the current list of temporary allow and deny IP entries with their TTL and comment:<\/p>\n<pre>csf -t<\/pre>\n<p>Check for updates to csf and upgrade if available:<\/p>\n<pre>csf -u<\/pre>\n<p>Disable CSF and LFD completely:<\/p>\n<pre>csf -x<\/pre>\n<p>Enable CSF and LFD if previously disabled:<\/p>\n<pre>csf -e<\/pre>\n<p>Show the CSF version:<\/p>\n<pre>csf -v<\/pre>\n<p>Output:<\/p>\n<pre>csf: v13.04 (generic)<\/pre>\n<p>For more options you can check the following command:<\/p>\n<pre>csf -h<\/pre>\n<h2><span class=\"ez-toc-section\" id=\"Step-6-Enable-CSF-Firewall-Web-UI\"><\/span>Step 6: Enable CSF Firewall Web UI<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>In this step, we will show you how to enable the CSF Web User Interface. This step is optional and it should be used only if you don&#8217;t use a control panel that supports the CSF UI (e.g. WHM\/cPanel, DirectAdmin, Webmin, etc.)<\/p>\n<p>The CSF UI requires several Perl modules to be installed on your server. You can meet these requirements by installing the Perl modules with the following command:<\/p>\n<pre>apt install libio-socket-ssl-perl libcrypt-ssleay-perl libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl<\/pre>\n<p>Next is to enable the CSF Web User Interface. You can enable the CSF web interface by editing the csf.conf file:<\/p>\n<pre>nano \/etc\/csf\/csf.conf<\/pre>\n<p>and update the following values:<\/p>\n<pre># 1 to enable, 0 to disable web ui \nUI = \"1\"\n\n# Set port for web UI. The default port is 6666, but\n# I change this to 7171 for easy access. The default port creates some issue\n# with the chrome and firefox browsers (in my case)\n\nUI_PORT = \"7171\"\n\n# Leave blank to bind to all IP addresses on the server \nUI_IP = \"\"\n\n# Set username for authetnication \nUI_USER = \"admin\"\n\n# Set a strong password for authentication \nUI_PASS = \"Str0n9_PasSw0rD\"<\/pre>\n<p>Feel free to change the values \u200b\u200bof our example with appropriate values. Once you make and save the changes, you can whitelist your public IP address by editing the ui.allow configuration file.<\/p>\n<p>Replace the &#8216;<code>Your_Public_IP_Address<\/code>&#8216; with your actual IP address and execute the command:<\/p>\n<pre>sudo echo \"<span style=\"color: #ff0000;\">Your_Public_IP_Address<\/span>\" &gt;&gt; \/etc\/csf\/ui\/ui.allow<\/pre>\n<p>To apply the changes you have made, you need to restart the LFD service. Restart the LFD daemon on your server by using the following command:<\/p>\n<pre>sudo service lfd restart<\/pre>\n<p>You should now be able to access the CSF UI on your browser with your server IP address and the specific port you used in the csf.conf file. In our example, we used the port 7171.<\/p>\n<p><code>https:\/\/Your_Public_IP_Address:7171<\/code><\/p>\n<p>After the successful login, you should be able to view the CSF user interface.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-31580 size-large\" src=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/ConfigServer-Security-Firewall-615x1024.png\" alt=\"\" width=\"615\" height=\"1024\" srcset=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/ConfigServer-Security-Firewall-615x1024.png 615w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/ConfigServer-Security-Firewall-90x150.png 90w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/ConfigServer-Security-Firewall-180x300.png 180w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/ConfigServer-Security-Firewall-768x1278.png 768w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/ConfigServer-Security-Firewall-1080x1797.png 1080w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/ConfigServer-Security-Firewall.png 1903w\" sizes=\"(max-width: 615px) 100vw, 615px\" \/><\/p>\n<p>Quick Allow, Quick Deny or Quick Unblock can be very useful options from the CSF UI.<\/p>\n<p>In this article, we showed you how to install and configure a Firewall with CSF on Debian 9, as well as shortly going over using CSF. Now you can use the knowledge of this guide and start to create your own CSF firewall rules which will help you to protect your server.<\/p>\n<hr \/>\n<p><img decoding=\"async\" class=\"alignleft size-full wp-image-31646\" src=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/managed-support-setup-firewall-on-debian9-vps.jpg\" alt=\"\" width=\"150\" height=\"150\" \/>Of course, if you are one of our <a href=\"https:\/\/www.rosehosting.com\/debian-hosting.html\">Debian Hosting<\/a> customers, you don\u2019t have to configure your firewall with CSF on your server \u2013 simply ask our admins, sit back, and relax. Our admins will configure the firewall rules on your server for you immediately.<\/p>\n<p><span style=\"color: #ff0000;\">PS.<\/span> If you liked this post about how to configure a Firewall with CSF on Debian 9, please share it with your friends on the social networks using the share buttons below, or simply leave a comment in the comments section. Thanks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this article, we will show you how to install and configure the CSF firewall on a Debian 9 VPS, &#8230; <\/p>\n<p class=\"read-more-container\"><a title=\"How to Configure a Firewall with CSF on Debian 9\" class=\"read-more button\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#more-31579\" aria-label=\"Read more about How to Configure a Firewall with CSF on Debian 9\">Read More<\/a><\/p>\n","protected":false},"author":4,"featured_media":31644,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1700,1703],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to Configure a Firewall with CSF on Debian 9 - RoseHosting<\/title>\n<meta name=\"description\" content=\"How to Configure a Firewall with CSF on Debian 9 - RoseHosting\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Configure a Firewall with CSF on Debian 9 - RoseHosting\" \/>\n<meta property=\"og:description\" content=\"How to Configure a Firewall with CSF on Debian 9 - RoseHosting\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/\" \/>\n<meta property=\"og:site_name\" content=\"RoseHosting\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/RoseHosting\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/rosehosting.helpdesk\" \/>\n<meta property=\"article:published_time\" content=\"2019-11-07T21:26:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-06-03T08:33:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/how-to-configure-a-firewall-with-csf-on-debian9.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"742\" \/>\n\t<meta property=\"og:image:height\" content=\"372\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jeff Wilson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@rosehosting\" \/>\n<meta name=\"twitter:site\" content=\"@rosehosting\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jeff Wilson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/\"},\"author\":{\"name\":\"Jeff Wilson\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#\/schema\/person\/7ce77a842fa6a9a7f8efa186f2353713\"},\"headline\":\"How to Configure a Firewall with CSF on Debian 9\",\"datePublished\":\"2019-11-07T21:26:43+00:00\",\"dateModified\":\"2022-06-03T08:33:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/\"},\"wordCount\":2035,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/how-to-configure-a-firewall-with-csf-on-debian9.jpg\",\"articleSection\":[\"Debian\",\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/\",\"url\":\"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/\",\"name\":\"How to Configure a Firewall with CSF on Debian 9 - RoseHosting\",\"isPartOf\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/how-to-configure-a-firewall-with-csf-on-debian9.jpg\",\"datePublished\":\"2019-11-07T21:26:43+00:00\",\"dateModified\":\"2022-06-03T08:33:21+00:00\",\"description\":\"How to Configure a Firewall with CSF on Debian 9 - RoseHosting\",\"breadcrumb\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#primaryimage\",\"url\":\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/how-to-configure-a-firewall-with-csf-on-debian9.jpg\",\"contentUrl\":\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/how-to-configure-a-firewall-with-csf-on-debian9.jpg\",\"width\":742,\"height\":372},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.rosehosting.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Configure a Firewall with CSF on Debian 9\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#website\",\"url\":\"https:\/\/www.rosehosting.com\/blog\/\",\"name\":\"RoseHosting\",\"description\":\"Premium Linux Tutorials Since 2001\",\"publisher\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.rosehosting.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#organization\",\"name\":\"RoseHosting\",\"url\":\"https:\/\/www.rosehosting.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2022\/03\/android-chrome-192x192-1.png\",\"contentUrl\":\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2022\/03\/android-chrome-192x192-1.png\",\"width\":192,\"height\":192,\"caption\":\"RoseHosting\"},\"image\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/RoseHosting\",\"https:\/\/x.com\/rosehosting\",\"https:\/\/www.linkedin.com\/in\/rosehosting\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#\/schema\/person\/7ce77a842fa6a9a7f8efa186f2353713\",\"name\":\"Jeff Wilson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/09271207587f897ab46faaed9b355252?s=96&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/09271207587f897ab46faaed9b355252?s=96&r=g\",\"caption\":\"Jeff Wilson\"},\"description\":\"An experienced Linux veteran with many years of experience. Helping other Linux admins with frequent Linux and business-related blog posts on the RoseHosting blog. Techie by choice. Loving nature and travel. Happily married and father of two lovely children.\",\"sameAs\":[\"https:\/\/www.rosehosting.com\",\"https:\/\/www.facebook.com\/rosehosting.helpdesk\"],\"url\":\"https:\/\/www.rosehosting.com\/blog\/author\/jwilson\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Configure a Firewall with CSF on Debian 9 - RoseHosting","description":"How to Configure a Firewall with CSF on Debian 9 - RoseHosting","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/","og_locale":"en_US","og_type":"article","og_title":"How to Configure a Firewall with CSF on Debian 9 - RoseHosting","og_description":"How to Configure a Firewall with CSF on Debian 9 - RoseHosting","og_url":"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/","og_site_name":"RoseHosting","article_publisher":"https:\/\/www.facebook.com\/RoseHosting","article_author":"https:\/\/www.facebook.com\/rosehosting.helpdesk","article_published_time":"2019-11-07T21:26:43+00:00","article_modified_time":"2022-06-03T08:33:21+00:00","og_image":[{"width":742,"height":372,"url":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/how-to-configure-a-firewall-with-csf-on-debian9.jpg","type":"image\/jpeg"}],"author":"Jeff Wilson","twitter_card":"summary_large_image","twitter_creator":"@rosehosting","twitter_site":"@rosehosting","twitter_misc":{"Written by":"Jeff Wilson","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#article","isPartOf":{"@id":"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/"},"author":{"name":"Jeff Wilson","@id":"https:\/\/www.rosehosting.com\/blog\/#\/schema\/person\/7ce77a842fa6a9a7f8efa186f2353713"},"headline":"How to Configure a Firewall with CSF on Debian 9","datePublished":"2019-11-07T21:26:43+00:00","dateModified":"2022-06-03T08:33:21+00:00","mainEntityOfPage":{"@id":"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/"},"wordCount":2035,"commentCount":1,"publisher":{"@id":"https:\/\/www.rosehosting.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/how-to-configure-a-firewall-with-csf-on-debian9.jpg","articleSection":["Debian","Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/","url":"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/","name":"How to Configure a Firewall with CSF on Debian 9 - RoseHosting","isPartOf":{"@id":"https:\/\/www.rosehosting.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#primaryimage"},"image":{"@id":"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/how-to-configure-a-firewall-with-csf-on-debian9.jpg","datePublished":"2019-11-07T21:26:43+00:00","dateModified":"2022-06-03T08:33:21+00:00","description":"How to Configure a Firewall with CSF on Debian 9 - RoseHosting","breadcrumb":{"@id":"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#primaryimage","url":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/how-to-configure-a-firewall-with-csf-on-debian9.jpg","contentUrl":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2019\/07\/how-to-configure-a-firewall-with-csf-on-debian9.jpg","width":742,"height":372},{"@type":"BreadcrumbList","@id":"https:\/\/www.rosehosting.com\/blog\/how-to-configure-a-firewall-with-csf-on-debian-9\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.rosehosting.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How to Configure a Firewall with CSF on Debian 9"}]},{"@type":"WebSite","@id":"https:\/\/www.rosehosting.com\/blog\/#website","url":"https:\/\/www.rosehosting.com\/blog\/","name":"RoseHosting","description":"Premium Linux Tutorials Since 2001","publisher":{"@id":"https:\/\/www.rosehosting.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.rosehosting.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.rosehosting.com\/blog\/#organization","name":"RoseHosting","url":"https:\/\/www.rosehosting.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosehosting.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2022\/03\/android-chrome-192x192-1.png","contentUrl":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2022\/03\/android-chrome-192x192-1.png","width":192,"height":192,"caption":"RoseHosting"},"image":{"@id":"https:\/\/www.rosehosting.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/RoseHosting","https:\/\/x.com\/rosehosting","https:\/\/www.linkedin.com\/in\/rosehosting\/"]},{"@type":"Person","@id":"https:\/\/www.rosehosting.com\/blog\/#\/schema\/person\/7ce77a842fa6a9a7f8efa186f2353713","name":"Jeff Wilson","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosehosting.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/09271207587f897ab46faaed9b355252?s=96&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09271207587f897ab46faaed9b355252?s=96&r=g","caption":"Jeff Wilson"},"description":"An experienced Linux veteran with many years of experience. Helping other Linux admins with frequent Linux and business-related blog posts on the RoseHosting blog. Techie by choice. Loving nature and travel. Happily married and father of two lovely children.","sameAs":["https:\/\/www.rosehosting.com","https:\/\/www.facebook.com\/rosehosting.helpdesk"],"url":"https:\/\/www.rosehosting.com\/blog\/author\/jwilson\/"}]}},"_links":{"self":[{"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/posts\/31579"}],"collection":[{"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/comments?post=31579"}],"version-history":[{"count":1,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/posts\/31579\/revisions"}],"predecessor-version":[{"id":40681,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/posts\/31579\/revisions\/40681"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/media\/31644"}],"wp:attachment":[{"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/media?parent=31579"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/categories?post=31579"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/tags?post=31579"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}