ConfigServer Community Forum

I just found something very disconcerting that could explain why the custom regex is not working for us. Permanent blocks are not working in our CSF install at all. Temporary blocks do work. When a block reaches permenant status it is added to csf.tempip, but nothing is added to csf.deny, and csf -g...

I tested with a default csf.conf, and I also discovered something I did not know. Apparently you need to set LF_SELECT to 1 in order to enable custom regex, correct? But I still could not get this to work. I used a default csf.conf, and only changed two settings, TESTING=0 and LF_SELECT=1. After set...

Thanks but I did check that, and also grepped the iptables rules for the ip with 'csf -g', no match. Another thing, if a block is processed it sends me an email alert even if the IP is in csf.allow, with a notation that the block might not take effect because the IP is whitelisted. Even if by some b...

Thanks Macele! I'm sure this should work, but just like LF_MODSEC I can't get it to work on my systems. I tested your regex on a test server, using an ab script on another server that easily triggered the alert, but no block in CSF :/

Thanks for the reply Marcele. I did restart CSF and LFD from the Webmin UI. I have restarted again from the shell with csf -ra, but it has not helped. Your regex101 link is going to help me either way, because what I would most like is custom regex to generate a firewall block based on the trigger b...

I'm trying to get LF_MODSEC to block IPs that trigger mod_security rules, but so far it's not working as I expect. Here are my settings: MODSEC_LOG = /var/log/httpd/error_log All vhosts are set to put errors in this log LF_TRIGGER = 0 LF_TRIGGER_PERM = 0 LF_MODSEC = 5 LF_MODSEC_PERM = 86400 Here are...