Whitelisting IPs with Imunify360 on cPanel Servers

Why You Need IP Whitelisting

If you’re running a cPanel server with Imunify360 as your only firewall (without CSF or another layer), Imunify360 is the single gatekeeper for all incoming traffic. Its automated threat detection is aggressive by design — it will block IPs that trigger too many requests, fail authentication, or match known threat signatures.

This becomes a problem in legitimate scenarios:

• A backup system (like JetBackup) connecting from a remote destination server gets blocked mid-transfer
• A monitoring service polling your server frequently trips the rate limiter
• A remote developer or agency gets blocked after a few failed SSH attempts
• A payment gateway or third-party API making repeated requests that look suspicious to the heuristic engine

In these cases, you don’t want Imunify360 to “learn” to trust the IP over time — you want to explicitly whitelist it so it’s never blocked.

Other Common Examples

• Office static IP that staff work from
• Your own home IP for server administration
• A CDN’s origin IP range pulling content from your server
• A staging server hammering your production database or API during testing

How to List Existing Whitelisted IPs

imunify360-agent ip-list local list --purpose white

For JSON output (useful for scripting):

imunify360-agent ip-list local list --purpose white --json

How to Add a Single IP

imunify360-agent ip-list local add --purpose white 184.94.197.2

Add a comment so you remember why it was whitelisted:

imunify360-agent ip-list local add --purpose white --comment "cpanel support" 184.94.197.2

(See disclaimer below regarding the IPs used in these examples.)

How to Add Multiple IPs

One-liner

for ip in 184.94.197.2 184.94.197.3 184.94.197.4 184.94.197.5 184.94.197.6 208.74.123.98; do
  imunify360-agent ip-list local add --purpose white --comment "cpanel support" $ip
done

(See disclaimer below regarding the IPs used in these examples.)

From a text file (one IP per line)

Create your file:

184.94.197.2
184.94.197.3
184.94.197.4
184.94.197.5
184.94.197.6
208.74.123.98

Then load it:

while IFS= read -r ip; do
  imunify360-agent ip-list local add --purpose white --comment "cpanel support" "$ip"
done < /path/to/ips.txt

(See disclaimer below regarding the IPs used in these examples.)

How to Remove IPs

Single IP

imunify360-agent ip-list local delete --purpose white 184.94.197.2

(See disclaimer below regarding the IPs used in these examples.)

Multiple IPs (one-liner)

for ip in 184.94.197.2 184.94.197.3 184.94.197.4 184.94.197.5 184.94.197.6 208.74.123.98; do
  imunify360-agent ip-list local delete --purpose white $ip
done

(See disclaimer below regarding the IPs used in these examples.)

From a text file

while IFS= read -r ip; do
  imunify360-agent ip-list local delete --purpose white "$ip"
done < /path/to/ips.txt

(See disclaimer below regarding the IPs used in these examples.)

Advanced: Add Multiple IPs with Expiration from a Text File

Useful when you need temporary access — for example a contractor, a support team, or a backup service during migration — and you want the whitelist to clean itself up automatically.

The --expiration flag takes a Unix timestamp (seconds since epoch), not a duration. So you calculate the expiry time first, then loop through your IPs.

Expire in 24 hours, load from file

EXP=$(date -d "+1 day" +%s)

while IFS= read -r ip; do
  imunify360-agent ip-list local add \
    --purpose white \
    --expiration $EXP \
    --comment "temp_$(date +%Y-%m-%d)" \
    "$ip"
done < /path/to/ips.txt

(See disclaimer below regarding the IPs used in these examples.)

Expire in 7 days, load from file

EXP=$(date -d "+7 days" +%s)

while IFS= read -r ip; do
  imunify360-agent ip-list local add \
    --purpose white \
    --expiration $EXP \
    --comment "temp_$(date +%Y-%m-%d)" \
    "$ip"
done < /path/to/ips.txt

(See disclaimer below regarding the IPs used in these examples.)

The IPs will be automatically removed by Imunify360 when the expiration time is reached — no cron job or manual cleanup needed.

Temporary Blacklisting for Suspicious Traffic

Sometimes you spot suspicious activity from an IP — repeated probing, unusual request patterns, or a spike in failed logins — but you’re not confident enough to block it permanently. A temporary drop gives you immediate protection while expiring automatically, so you don’t accumulate stale rules over time.

The drop purpose blocks access at the network level via iptables and returns a 403 on web ports, even when requests come through a proxy.

Single IP — expire in 4 hours

EXP=$(date -d "+4 hours" +%s)
imunify360-agent ip-list local add --purpose drop --expiration $EXP --comment "suspect_$(date +%Y-%m-%d)" 184.94.197.2

(See disclaimer below regarding the IPs used in these examples.)

Multiple IPs — one-liner, expire in 4 hours

EXP=$(date -d "+4 hours" +%s) && for ip in 184.94.197.2 184.94.197.3 184.94.197.4 184.94.197.5 184.94.197.6 208.74.123.98; do
  imunify360-agent ip-list local add --purpose drop --expiration $EXP --comment "suspect_$(date +%Y-%m-%d)" $ip
done

(See disclaimer below regarding the IPs used in these examples.)

From a text file, expire in 4 hours

EXP=$(date -d "+4 hours" +%s)

while IFS= read -r ip; do
  imunify360-agent ip-list local add \
    --purpose drop \
    --expiration $EXP \
    --comment "suspect_$(date +%Y-%m-%d)" \
    "$ip"
done < /path/to/suspect_ips.txt

(See disclaimer below regarding the IPs used in these examples.)

⚠️ Disclaimer: All IP addresses used throughout this article (184.94.197.2–6, 208.74.123.98) are cPanel’s own support IPs, used here as a familiar real-world example — they are not meant to be blocked or treated as suspicious. Substitute them with any vendor or third-party IPs relevant to your situation. For the current authoritative list, see the official cPanel support article.