ConfigServer Community Forum

Posted: **18 Nov 2008, 21:50**

On the Messenger protion I know we can edit the messenger files. I was wonder if there was a way to dynamically put text into the messenger to say why it was bloked.

For example in the csf.deny we put

196.168.0.0/10 #Trying to inject hacking scripts

Could messenger pull the text past the # and in the code we could have something like:

Our firewall blocked your IP because <block_reason> etc...

And possibly even a date??

Just wondering if this might be a doable enchancement and what others thought.

Posted: **28 Nov 2008, 10:11**

There are security implications with being able to display the reason for a block in two areas:

1. It's usually not a good idea to tell a hackers why they were blocked (even if it is helpful in a false-positive situation)

2. It would mean a compromise on the security of the lfd Messenger daemon which loads the initial data (web page and images) into memory and then drops all privileges to the non-priv user it runs under. As the non-priv user it doesn't have any access to the csf files which contain the details of the block (they're only accessible by root)