CSF Blocking IPs even when IN whitelist

[MUmair]

Hello,

This is happening on a brand new server. (I.e. which was setup recently running latest cP with mod_security and CSF + CXS setup)

I have white listed Google bot, pingdom and Cloudflare IPs in csf.allow but they keep getting blocked due to mod_security (cPanel's new mod_sec rules are messy)

See the example.

root@server [~]# csf -g 188.138.118.144
Chain num pkts bytes target prot opt in out source destination
ALLOWIN 62 47 7411 ACCEPT all -- !lo * 188.138.118.144 0.0.0.0/0
ALLOWOUT 62 43 17327 ACCEPT all -- * !lo 0.0.0.0/0 188.138.118.144
DENYIN 201 0 0 DROP all -- !lo * 188.138.118.144 0.0.0.0/0
DENYOUT 201 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 188.138.118.144

ip6tables:
Chain num pkts bytes target prot opt in out source destination
No matches found for 188.138.118.144 in ip6tables
Temporary Blocks: IP:188.138.118.144 Port: Dir:inout TTL:900 (lfd - (mod_security) mod_security (id:960015) triggered by 188.138.118.144 (DE/Germany/s465.pingdom. com): 10 in the last 3600 secs)

What should I do so the IPs in csf.allow are not blocked for any reason. (not even temp blocks)

Thanks

[ForumAdmin]

You should put the IPs in /etc/csf/csf.ignore and then restart lfd. You could also use /etc/csf/csf.rignore instead of specifying IPs or ranges.

[MUmair]

You should put the IPs in /etc/csf/csf.ignore and then restart lfd. You could also use /etc/csf/csf.rignore instead of specifying IPs or ranges.

Okay. I will do that. So what's the point of having csf.allow ??
I mean when should I use csf.allow and when to use csf.ignore ???

[ForumAdmin]

csf.allow is used by csf for configuring the iptables rules. csf.ignore is used by lfd for ignoring blocks due to triggered events.