CSF and PCI Scans

Post Reply
locallinux
Junior Member
Posts: 1
Joined: 14 Dec 2012, 21:21

CSF and PCI Scans

Post by locallinux »

First of all, I can not tell you how much I love CSF, so please do not take this the wrong way.

We have a large number of customers who get PCI scanned, and it always happens the same way:

1. Scanning company scans website without telling us, and they get blocked (yeah CSF)
2. They complain to the customer who complains to us.
3. Only solution is to add their IP address into csf.allow, thus allowing them to bypass the firewall
(We have tried adding them in csf.ignore, but they are sending bad packets and scanning for open ports, so csf is blocking them for that)
4. Once they are past the firewall, they are allowed to scan again, and OH MY GAWD they report that everything is wide open, and the customer throws a fit.
5. Hours of explaining how the report is wrong.

Is there a way to create a csf.scanallow file that would house the IP addresses that are allowed to scan our server, but not bypass the firewall?

Again, LOVE CSF, HATE PCI compliance companies.
DrTyrell
Junior Member
Posts: 1
Joined: 24 Jul 2014, 20:30
Location: United States

Re: CSF and PCI Scans

Post by DrTyrell »

1. verify IGNORE_ALLOW = 0
2. restart if necessary
3. add the IP(s) to csf.ignore
4. restart

If they can't deal with it, they're not interpreting their results correctly.
Post Reply