ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

Change permanent block to temporary

https://mail.forum.configserver.com/viewtopic.php?t=7909

Page 1 of 1

Change permanent block to temporary

Posted: 10 Jun 2014, 16:55
by DanH42
I'm using a subset of the OWASP ruleset, and I'm still getting lots of false positives. Almost every time that happens, the IP responsible gets a permanent block in iptables, which I think is a little strict even if they were trying to attack the server.

I've tried Googling around a bit, and I can't find a way to make bans temporary. I think a block of 5~30 minutes would be reasonable.

Re: Change permanent block to temporary

Posted: 10 Jun 2014, 20:22
by DanH42
Update: I asked the same question on the cPanel forums, and found out there's a setting for this in CSF:

Code: Select all

LF_MODSEC = "10"
LF_MODSEC_PERM = "300"
This would block for 5 minutes (300 seconds) after modsec rules being triggered.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited