This post is either posted in the suggestions by me by accident, or moved there without any comment to it. If you move again, please state why it's not a bug.
This is not a suggestion however, it's a bug. Not working as should be = a bug.
I wanted to block an ip on my current server and on the cluster servers, so I use the command like this:
csf -cd 82.146.54.128
I'm having problems with LF_QOS, which used to work but seems not to be working anymore.
mod_qos is configured for 10 requests in 60s to .php scripts; if that is exceeded it throws a 500 error.
mod_qos is working correctly: it's throwing the error and reporting it to the Apache error_log, shown below. However, csf is no longer blocking them as per its config.
I recently began outgoing spam filtering on my server and with a score of 5. Lfd notifications are being picked up as spam because they are missing the date and message ID headers:
After installing ipset package I activated IPSET in the firewall configuration (LF_IPSET=1) but then got an error when restarting csf+lfd:
open3: exec of /usr/sbin/ipset flush failed at /usr/sbin/csf line 4599
After investigating by activating DEBUG mode, I saw that the script was trying to launch /usr/sbin/ipset but ipset was only available as /sbin/ipset. I added a symbolic link so ipset could...
I'm wondering if it would be possible to increase the csf.blocklists 9 character naming limit? I know that the name will be used as the iptables chain name. Is the 9 char limit some sort of legacy iptables limitation? Everywhere I've looked it says that user defined chain names can be up to 30 chars in length.
If it is a legacy limit maybe detect if iptables is legacy and only impose the...
We use clustering on all of our servers that are strictly controlled by us and it works great! The power of clustering comes in particularly handy when a DDoS attack is underway as denies for an entire botnet get distributed around to all of our servers if only one gets hit first, preventing future attacks.
We'd love to do the same for servers that we manage for our clients, however they also...
We have a few ideas for the --callow and --cdeny commands.
Send comments
Currently these commands filter all the comments from the command and do not send them through the cluster. It would be great to send the comments to all the cluster and append them to the current text of which server sent the allow or deny. It helps understanding why a cluster allow/deny is sent.
Is it possible when an email alert for load is coming
to also include a netstat .txt attachment?
It is already sending apache status, vmstat, ps etc,
with a netstat at least we can see live if the load
is coming -for example- from a DoS or DDoS attack
seeing the number of the connections the time of the load.
A sum of SYN_RECV, TIME_WAIT, CLOSE_WAIT and ESTABLISHED should
be...
Hi! I just allowed resellers to add/deny IPs, and it works well but... it would be nice if you enforced entering comments so that they can insert a brief note explaining why such an IP was blacklisted/whitelisted.
This would be a rich feature to avoid having a list of white/black listed IPs without knowing why they are listed there.
The comment in the rules file could be formatted w/something...
However it would be nice at the end if it would confirm it is restarting LFD, and maybe even pause to watch and wait to see LFD successfully restarts and mention that too?
I am frequently on the road for business and get mail notifications about blocks, hack attempts, etc...
It would be nice to have an app available to adjust some features of csf.
I know the mobile web interface, but it's limited to block / unblock IP addresses.
Currently CSF is using separate calls to support ipset, and with a big list of blocked IP addresses (25000) this takes a long time to add all of them to ipset.
Before the CSF ipset support we were using our own implementation of ipset, and we are using the restore method of ipset to import the list very fast. What you do is create a file with all of the add calls like this.
Please consider adding the ability for CSF to automatically send the ARF report to the abuse email address of the authorized party who has control over the IP address involved in the abuse.
I'm on a stock CentOS6 system and have configured csf to read all Plesk domain logs via file globbing. This works great generally, but on some servers with more than roughly 150 or so domains (particularly when we've got nginx and apache running), LFD is reading in a large number of log files and exceeding the default 1024 per user limit.