Sergio wrote: ↑11 Oct 2022, 20:06
To know if the rule is good, I need at least 2 log lines to check the rule.
But as far as I have checked with what you gave, that rule is not good. It takes a lot of time to check, I will never use this rule in my servers.
You have to remember that the server will be checking hundred of log lines in a few minutes and then your rules should be less than 1 or 2 milliseconds to run.
Your rule takes 1,060 steps that uses 5ms to run.
On my servers I have a rule just for ModSecurity that runs faster 712 steps and 1ms:
in this rule, normaly it will ban for 604800sec = 7 days, but I find csf add that IP in to csf.deny, so is that mean something wrong?
or this is normal, csf will delete that ip after 7 days?
For me, as it is a temporary block, it is not saved in any file.
I think that the IP is just added directly to the server iptables, that makes a lot of sense.
Last edited by Sergio on 31 Oct 2022, 14:18, edited 1 time in total.
Sergio wrote: ↑31 Oct 2022, 13:49
For me, as it is a temporary block, it is not saved in any file.
I think that the IP is just added directly to the server iptables, that makes a lot of sense.
So, in CSF you can use the "Temporary IP Entries" to see if there are any and it will show you the IP.
Thanks, I was confirm my rules all go to csf.deny and not in "Temporary IP Entries" page.
I think I need to check my csf configuration
Can you tell me in your csf's configuration LF_CXS_PERM value?
I was set to 1, I think this is the reason
* ERRATA:
You will only see in "Temporary IP Entries" the ones that you saved in there.
The ones that are created automatically by CSF rules will not be shown in there, sorry my mistake on that statement.
Sergio wrote: ↑31 Oct 2022, 14:20
* ERRATA:
You will only see in "Temporary IP Entries" the ones that you saved in there.
The ones that are created automatically by CSF rules will not be shown in there, sorry my mistake on that statement.
