IP address in csf.blocklist and csf.allow
Posted: 20 Jun 2017, 01:14
Hello,
I use scanmyserver.com to do an audit of my server. I was looking through the ModSec logs and saw an IP address that was there more than five times, performing a scan. I was curious as to why csf hadn't blocked them. So I went into the GUI and searched for the IP and then realized the IP belonged to scanmyserver, however, the IP address is also listed in the GreenSnow blocklist.
How does CSF / LFD normally handle something like this? Where I list an IP address in the csf.ignore and csf.allow configuration files, but a blocklist also has the IP address listed? Will it sometimes block the connection, or will it always let it through or is it undefined behaviour?
Thank you.
I use scanmyserver.com to do an audit of my server. I was looking through the ModSec logs and saw an IP address that was there more than five times, performing a scan. I was curious as to why csf hadn't blocked them. So I went into the GUI and searched for the IP and then realized the IP belonged to scanmyserver, however, the IP address is also listed in the GreenSnow blocklist.
How does CSF / LFD normally handle something like this? Where I list an IP address in the csf.ignore and csf.allow configuration files, but a blocklist also has the IP address listed? Will it sometimes block the connection, or will it always let it through or is it undefined behaviour?
Thank you.