Excellent software and practical tutorials
How to re-enable CSF Firewall in CyberPanel
CyberPanel Server is installed CSF Then a 500 error occurred!
If you recently updated to CyberPanel As of the subsequent commits of version 2.3.6, you may have noticed that CSF (ConfigServer Security andFirewall) The firewall has been disabled. This issue is directly related to the upgrade of CyberPanel from Django v3 to v4, which introduced breaking changes that are currently incompatible with CSF. Unfortunately, CSF has not yet updated its code to be compatible with Django 4, leaving many users without a working firewall.
question
CyberPanel upgraded from Django v3 to v4 to keep up with the latest web development standards, but this created a major conflict with CSF. The core issue was that many users relied on CSF for firewall management, but CSF had not yet been updated to support Django 4. This inconsistency caused a lot of friction.compatibilityCyberPanel 2.3.6 and later versions disable CSF, which may make your server vulnerable.
After installing CSF on CyberPanel 2.3.9, users encountered a 500 internal server error, which made the control panel inaccessible. 500 errors usually indicate configuration issues, dependency conflicts, or code execution failures on the server side. Based on community discussions and related materials, this may be a compatibility issue between CSF and the latest version of CyberPanel, especially caused by the upgrade of Django version (from v3 to v4).
Incompatible Django versions
CyberPanel has upgraded Django to v4 since 2.3.6, but the current version of CSF has not yet fully adapted to Django v4. This will cause CSF's Python modules (such as ConfigServer/URLGet.pm or DisplayUI.pm) to fail to execute in the CyberPanel environment.
Community feedback indicates that CSF is disabled in CyberPanel 2.3.6 and above, or triggers a 500 error after installation.
Check the current environment
Confirm CyberPanel version
cat /usr/local/CyberCP/version.txt
Confirm Django version
python3 -c "import django; print(django.get_version())"
If it shows 4.xx, it may be incompatible with CSF.
Uninstalling the existing CSF
CyberPanel server reports error 500. First uninstall CSF, then check if CyberPanel still reports an error. If the panel is accessible normally after uninstallation, it is caused by a conflict between CSF and CyberPanel.500 Error.
sh /etc/csf/uninstall.sh
Reinstall CSF using the rollback script
If CSF is required and the above steps do not work, you can roll back to 2.3.5 (which supports Django v3 and CSF):
cd /usr/src wget https://sajetekengineering.com/wp-content/uploads/cyberpanel/cyberpanel_csf_rollback.sh chmod +x cyberpanel_csf_rollback.sh ./cyberpanel_csf_rollback.sh
The script backs up the existing configuration and downgrades to a compatible version.
Reinstall CSF
wget https://github.com/waytotheweb/scripts/raw/refs/heads/main/csf.tgz tar -xzf csf.tgz cd csf sh install.sh
Official Solution
The official installation script has been upgraded. If you encounter a 500 error after installing csf, you only need to use the official upgrade script to upgrade and install.
sh <(curl https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh || wget -O - https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh)
Temporary solution: Manual rollback
Rolling back CyberPanel to a compatible version For those who need to restore CSF functionality, a temporary solution is to manually roll back to a version of CyberPanel that is still compatible with CSF. To simplify this process, I created a script that automatically rolls back.
What the script does
- Backing up CyberPanel and CSF configuration:
- The script first creates a backup of your directory
/usr/local/CyberCPto ensure that your current CyberPanel settings are stored safely. - It also backs up your CSF configuration files
/etc/csf(if it exists). Since we need to remove and reinstall CSF, this step ensures that all your custom firewall settings are preserved.
- The script first creates a backup of your directory
- Download a compatible CyberPanel version:
- This script downloads a CSF-compatible version of CyberPanel. This version still uses Django v3 which is fully compatible with CSF.
- Back up and restore credentials stored in settings.py
- Downgrade Django and reinstall CSF:
- This script uninstalls and reinstalls CSF through Cyberpanel, thus fixing the UI.
- Finally, the script downgrades Django from v4 to v3 to align it with the downloaded CyberPanel version and ensure that CSF works properly.
How to use the script
To use this rollback script, follow these steps:
pip install -r /usr/local/CyberCP/requirments.txt --force-reinstall
sh <(curl https://sajetekengineering.com/wp-content/uploads/cyberpanel/install_csf_cyberpanel.sh || wget -O - https://sajetekengineering.com/wp-content/uploads/cyberpanel/install_csf_cyberpanel.sh)
After running the script above and restarting the server, CSF was installed successfully!
After CSF is installed, it will start with a warning
*WARNING* Binary location for [SENDMAIL] [/usr/sbin/sendmail] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Missing or incorrect binary locations will break csf and lfd functionality
This warning means that CSF has detected that the SENDMAIL binary path /usr/sbin/sendmail specified in the configuration file /etc/csf/csf.conf cannot be found, is not installed, or is not executable. This will affect the normal function of CSF and LFD.
sudo apt install sendmail
Restart CSF and LFD services
After ensuring everything is working properly, restart the CSF and LFD services:
sudo systemctl restart csf
sudo systemctl restart lfd
This manual rollback is only a temporary fix, but it is essential for users who rely on CSF for firewall management. Until CSF updates its code to be compatible with Django 4, this workaround will allow you to maintain the security of your server. Please keep an eye on updates to CSF and CyberPanel for a more permanent solution in the future.
