Which rule should be triggered first CT_LIMIT/CONNLIMIT/PORTFLOOD?

Posted: 09 Jan 2022, 21:18
by RoldanLT
In what order will CSF be triggered if I have this config set:

Code:

CT_LIMIT = "100"
CT_INTERVAL = "10"
CT_SKIP_TIME_WAIT = "1"
CT_PORTS = "80,443"

SYNFLOOD = "1"

CONNLIMIT = "443;100,80;50"

PORTFLOOD = "443;tcp;20;3,80;tcp;20;3"

I also observe that after adding the CONNLIMIT and PORTFLOOD rules for ports 443/80, CT_LIMIT doesn't work/block abused IPs anymore.

Re: Which rule should be triggered first CT_LIMIT/CONNLIMIT/PORTFLOOD?

Posted: 11 Jan 2022, 23:27
by RoldanLT
When combined and both enabled, what are the suggested values for CT_LIMIT & CONNLIMIT?
Which one should be higher?

CT_LIMIT seems to stop blocking IPs with both enabled.