Search found 6 matches
- 02 May 2025, 17:27
- Forum: General Discussion (csf)
- Topic: ip6tables-restore v1.8.5 (nf_tables): unknown option "--icmp-type"
- Replies: 0
- Views: 13112
ip6tables-restore v1.8.5 (nf_tables): unknown option "--icmp-type"
Recently we've added the UptimeRobot IPs from https://uptimerobot.com/inc/files/ips/IPv4andIPv6.txt to our CSF allow list (using "Include" of a separate file). For each IP, we've added icmp|in|d=ping|s=<IP> and tcp|in|d=80,443|s=<IP> . On some servers running CloudLinux 8 with cPanel, we'v...
- 23 Oct 2024, 14:37
- Forum: Report Bugs (csf)
- Topic: Apache-related LF_* options not working
- Replies: 1
- Views: 30468
Re: Apache-related LF_* options not working
It seems like LF_APACHE_401 and LF_APACHE_403 don't seem to always work either, so I've built custom rules for all Apache-related LF_* options: # BEGIN - Custom REGEX Rules # mod_security v2 (Apache) if (($config{LF_MODSEC}) and ($globlogs{MODSEC_LOG}{$lgfile}) and ($line =~ /^\[\S+\s+\S+\s+\S+\s+\S...
- 23 Oct 2024, 13:44
- Forum: Report Bugs (csf)
- Topic: Apache-related LF_* options not working
- Replies: 1
- Views: 30468
Apache-related LF_* options not working
We've noticed that some Apache-related LF_* rules (LF_APACHE_404 and LF_MODSEC specifically) no longer seem to get triggered. I've simulated multiple 404 errors and triggered random ModSecurity rules, but CSF didn't pick up any of the events, and my non-whitelisted IP address didn't get blocked at a...
- 12 Jun 2024, 11:16
- Forum: General Discussion (csf)
- Topic: TCP Source Port Pass Firewall
- Replies: 1
- Views: 4978
Re: TCP Source Port Pass Firewall
This can be closed, as we've found out eventually that part of the scan (including this check) was performed on a CloudFlare IP address instead of our server.
- 04 Jun 2024, 17:59
- Forum: General Discussion (csf)
- Topic: TCP Source Port Pass Firewall
- Replies: 1
- Views: 4978
TCP Source Port Pass Firewall
Hello, For some reason on one of our servers the following test of a PCI scan fails: TCP Source Port Pass Firewall PCI Severity Level: The vulnerability is not included in the NVD. VULNERABILITY DETAILS CVSS Base Score: 5 CVSS Temporal Score: 3.6 Severity: 3 QID:34000 Category: Firewall Last Update:...
- 06 Mar 2024, 12:29
- Forum: General Discussion (csf)
- Topic: CSF Messenger Service and Alternative for Google reCAPTCHA
- Replies: 0
- Views: 11093
CSF Messenger Service and Alternative for Google reCAPTCHA
On April 1st 2024, Google will implement a new pricing model that will significantly reduce the free tier usage of reCAPTCHA and introduce new prices for the reCAPTCHA Enterprise service. A different firewall that we use has developed their own bot protection technology in preparation for this chang...