CSF and PCI Scans

Posted: 14 Dec 2012, 21:32
by locallinux
First of all, I cannot tell you how much I love CSF, so please do not take this the wrong way.

We have a large number of customers who get PCI scanned, and it always happens the same way:

1. Scanning company scans website without telling us, and they get blocked (yeah CSF)
2. They complain to the customer who complains to us.
3. Only solution is to add their IP address into csf.allow, thus allowing them to bypass the firewall
(We have tried adding them in csf.ignore, but they are sending bad packets and scanning for open ports, so csf is blocking them for that)
4. Once they are past the firewall, they are allowed to scan again, and OH MY GAWD they report that everything is wide open, and the customer throws a fit.
5. Hours of explaining how the report is wrong.

Is there a way to create a csf.scanallow file that would house the IP addresses that are allowed to scan our server, but not bypass the firewall?

Again, LOVE CSF, HATE PCI compliance companies.

Re: CSF and PCI Scans

Posted: 24 Jul 2014, 20:40
by DrTyrell
1. verify IGNORE_ALLOW = 0
2. restart if necessary
3. add the IP(s) to csf.ignore
4. restart

If they can't deal with it, they're not interpreting their results correctly.
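
The steps in the reply above can be checked with a short read-only script. This is an added example, not part of either post. It assumes plain one-IP-per-line entries with optional `#` comments, uses a constructed sample directory in place of the real CSF configuration directory (normally `/etc/csf`), and uses a constructed scanner address, 203.0.113.10. It also flags a scanner IP still left in csf.allow, which is the bypass the first post describes.

```shell
#!/bin/sh
# Added example: check a CSF config directory against the steps above.
# Function names are hypothetical; they are not part of CSF.

# Print the value of a csf.conf setting written as NAME = "value".
csf_setting() {  # $1 = csf.conf path, $2 = setting name
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Succeed if IP $2 appears as a plain entry in list file $1 (comments stripped).
ip_listed() {
    sed 's/#.*//' "$1" 2>/dev/null |
        awk -v ip="$2" '$1 == ip { found = 1 } END { exit !found }'
}

# audit_scanner DIR IP: print findings; return 0 only if nothing is wrong.
audit_scanner() {
    dir=$1; ip=$2; rc=0
    if [ "$(csf_setting "$dir/csf.conf" IGNORE_ALLOW)" != "0" ]; then
        echo "IGNORE_ALLOW is not set to 0 in csf.conf"; rc=1
    fi
    if ! ip_listed "$dir/csf.ignore" "$ip"; then
        echo "$ip is missing from csf.ignore"; rc=1
    fi
    if ip_listed "$dir/csf.allow" "$ip"; then
        echo "$ip is still in csf.allow, so it bypasses the firewall"; rc=1
    fi
    return $rc
}

# Constructed sample directory so the script runs offline.
d=$(mktemp -d)
printf 'IGNORE_ALLOW = "0"\n' > "$d/csf.conf"
printf '203.0.113.10 # PCI scanner (constructed)\n' > "$d/csf.ignore"
printf '203.0.113.10\n' > "$d/csf.allow"   # leftover entry from the old workaround
audit_scanner "$d" 203.0.113.10 || echo "fix the findings above, then restart"
rm -rf "$d"
```
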