csf blocks random IPs even my own IP
Posted: 02 Dec 2015, 15:51
by farsgsm
I'm using ConfigServer Security & Firewall - csf v8.08
csf denies some IPs randomly, and I get no email from CSF for blocking those IPs.
It even blocks the IP I am using myself, and it forces me to go to WHM and do a Firewall Restart,
and then the problem is resolved.
I even checked those blocked IPs in Firewall Deny IPs, but I see those IPs are not listed.
I don't know why this happens, please help me.
Sometimes my users call me and ask why they can't reach the server, and I ask them for their IP address and check the IP in the csf deny IP lists but can't find those IPs in the list.
After that I simply do a Firewall restart, and then they can reach the server.
Re: csf blocks random IPs even my own IP
Posted: 04 Dec 2015, 14:11
by TheThemeBuilders
Hi
We are experiencing similar problems with this version of the software. Customers who never had any previous issues are reporting they cannot connect, and if we check the csf.deny, we find that they are being blocked under the CT_LIMIT rule, although historically they never previously had an issue.
Sometimes we cannot even find a rule quoted, just "xxx ip found to have 107 connections" and in a screenshare, all they have tried to do is get to the homepage of the website.
Something is awry in this build I think. But we are doing more investigation, and once I have more info I will report back, which I think will not be until next week, FYI.
Re: csf blocks random IPs even my own IP
Posted: 04 Dec 2015, 15:55
by marcele
TheThemeBuilders wrote:
Sometimes we cannot even find a rule quoted, just "xxx ip found to have 107 connections" and in a screenshare, all they have tried to do is get to the homepage of the website.
Well that looks like your issue. In my experience setting a limit of 100 connections is way too low. A small business with just 10 employees behind a single IP address can easily put the connection limit well over 100+. Remember that the CT_LIMIT is using the "total" number of connections so that includes IMAP, web (every asset can open another connection) etc. Normally on a busy server I have the connection limit set above 300 and sometimes higher. If you want to limit the ports that are included in the CT_LIMIT then you have to set the CT_PORTS config item. We haven't seen anything out of the norm for the latest build.
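The per-IP counting described in the reply above, as an added example that is not part of the original thread and is not csf/lfd's own code: it tallies connections per peer IP from `ss -tn`-style text and compares the totals against a CT_LIMIT-style threshold, with and without a CT_PORTS-style port filter. The function names, the constructed sample (documentation-range addresses) and the strictly-greater comparison are assumptions.

```python
from collections import Counter

def split_addr(field):
    """Split 'ip:port' or '[v6]:port' into (ip, port)."""
    host, _, port = field.rpartition(":")
    return host.strip("[]"), int(port)

def count_connections(ss_output, ports=None):
    """Count TCP connections per peer IP.
    `ports` mimics a CT_PORTS-style filter on the local (server) port;
    None counts every port, which is the "total" behaviour described above."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] in ("State", "LISTEN"):
            continue  # header, listening sockets, blank or short lines
        try:
            _, local_port = split_addr(fields[3])
            peer_ip, _ = split_addr(fields[4])
        except ValueError:
            continue  # port column is not numeric
        if ports is None or local_port in ports:
            counts[peer_ip] += 1
    return counts

def over_limit(counts, limit):
    """IPs whose count exceeds `limit` (assumption: strictly greater than)."""
    return {ip: n for ip, n in counts.items() if n > limit}

def build_sample():
    """Constructed sample: one office NAT IP using web and IMAP, one lone visitor."""
    rows = ["State Recv-Q Send-Q Local Address:Port Peer Address:Port"]
    def add(peer, local_port, n, first_src_port):
        for i in range(n):
            rows.append(f"ESTAB 0 0 192.0.2.1:{local_port} {peer}:{first_src_port + i}")
    add("203.0.113.10", 443, 70, 40000)   # office: browsers fetching page assets
    add("203.0.113.10", 993, 40, 50000)   # office: mail clients on IMAPS
    add("198.51.100.7", 443, 6, 60000)    # single visitor
    return "\n".join(rows)

if __name__ == "__main__":
    sample = build_sample()
    for label, ports in (("all ports", None), ("ports 80,443 only", {80, 443})):
        counts = count_connections(sample, ports)
        print(label, dict(counts), "over 100:", over_limit(counts, 100))
```

Running the same tally on a live server against real `ss -tn` output shows which legitimate clients sit close to the configured limit before the limit or the port list is changed.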
Re: csf blocks random IPs even my own IP
Posted: 19 Dec 2015, 06:54
by farsgsm
CT_LIMIT should list blocked IPs,
but we can't find the blocked IP in the list.
The problem will resolve whenever we restart the firewall.