csf messenger with country filter
Posted: 16 Aug 2022, 21:17
I’ve a running CSF installation with messenger service on CloudLinux 8. I’ve migrated it from iptables to ipset to use blocklists, and it works wonderfully. But now I have a problem which I cannot solve: if I use the variable CC_MESSENGER_ALLOW and enter any country code or more, then I can no longer reach the messenger (v3) page from a blocked IP. I have made sure that CSF recognizes my country correctly; in ipset the IP is also entered in the MESSENGER chain:
Code:
[root@da-dev2 csf]# ipset -L MESSENGER
Name: MESSENGER
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 504
References: 0
Number of entries: 1
Members:
217.16.1.2
If I change it back, from: CC_MESSENGER_ALLOW = "XY" to: CC_MESSENGER_ALLOW = "" the messenger service works again.
Am I missing something here?
Block command:
Code:
[root@da-dev2 csf]# csf -d 217.16.1.2
Adding 217.16.1.2 to csf.deny and iptables DROP...
csf: IPSET adding [217.16.1.2] to set [chain_DENY]
[root@da-dev2 csf]# csf -d 217.16.1.2
deny failed: 217.16.1.2 is in already in the deny file /etc/csf/csf.deny 1 times
Check
Code:
[root@da-dev2 csf]# ipset -L | grep 217.16.1.2
217.16.1.2
217.16.1.2
IP is listed twice because it is used in the chains MESSENGER & chain_DENY
The country filter seems to work otherwise, because I have blocked a few countries and see the counter count up. The goal is that IPs that are on blocklists cannot unblock themselves.
Config
Code:
MESSENGERV3 = "1"
MESSENGERV3LOCATION = "/etc/httpd/conf/extra/httpd-includes.conf"
MESSENGERV3RESTART = "service httpd restart"
MESSENGERV3TEST = "/usr/sbin/apachectl -t"
MESSENGERV3HTTPS_CONF = "/etc/httpd/conf/httpd.conf"
MESSENGERV3WEBSERVER = "apache"
MESSENGERV3PERMS = "711"
MESSENGERV3GROUP = "apache"
MESSENGERV3PHPHANDLER = ""
Does one of you have an idea for this? Thanks
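
An added example, not part of the original post: the `ipset -L | grep` check in the post shows the IP twice but not which sets hold it, and it cannot match an address that sits inside a network entry of a hash:net set. This function goes a step further and reads `ipset -L` output, printing each covering set with its References count and the matching member; the sample listing and the set name cc_example are constructed.

```shell
# Added example: list the ipset sets covering an IPv4 address, including CIDR
# members that a grep for the literal IP misses.
# Usage on a live host: ipset -L | sets_for_ip IP  -> "set references member"
sets_for_ip() {
  awk -v ip="$1" '
    function ip2int(a,   o) {            # dotted quad -> integer
      split(a, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function covers(m, n,   p, len, size, base) {   # is n inside member m?
      split(m, p, "/")
      len = (p[2] == "") ? 32 : p[2]
      size = 2 ^ (32 - len)
      base = ip2int(p[1])
      base = base - (base % size)       # align to the network boundary
      return (n >= base && n < base + size)
    }
    BEGIN { target = ip2int(ip) }
    $1 == "Name:"       { name = $2; refs = "?"; in_members = 0; next }
    $1 == "References:" { refs = $2; next }   # kernel references, e.g. iptables rules
    $1 == "Members:"    { in_members = 1; next }
    NF == 0             { in_members = 0; next }
    in_members && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ {
      if (covers($1, target)) print name, refs, $1
    }
  '
}
# Constructed sample in `ipset -L` layout; cc_example is a hypothetical set name.
sample_ipset_list() {
  cat <<'EOF'
Name: MESSENGER
References: 0
Members:
217.16.1.2

Name: chain_DENY
References: 1
Members:
203.0.113.7
217.16.1.2

Name: cc_example
References: 1
Members:
198.51.100.0/24
217.16.0.0/20
EOF
}
sample_ipset_list | sets_for_ip 217.16.1.2
```

A References value of 0 next to a set means no rule or other set currently refers to it.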