Hi all,
this thread is to add working REGEX that we can share with the community. To add them to this sticky, you should have the regex working in your server, this thread is not intended to solve any issues related with no working regex, the intention is to give users of CSF REGEXs that could make CSF with more security options.
If you want to collaborate, please add your rule to this thread...
If you have one particular IP address that is either dropped or accepted through the firewall that you think should not be, then you can use the new WATCH_MODE in csf.
Before enabling this option and using the CLI command to watch an IP address, check whether it is explicitly listed first using:
csf --grep 11.22.33.44
Where 11.22.33.44 is the IP address you're tracking. If that comes back...
If you get iptables errors when trying to start csf on a VPS then you most likely have missing iptables modules for your VPS.
If your hosting provider wants to know how to configure iptables correctly on a VPS server, then you should point them to this Parallels FAQ and have them follow it (plus to add ip_conntrack_ftp to the list of required modules):
my python script it use requests lib , requests to graph.facebook.com (with alot of requests per seconds )
catch error showing :
HTTPSConnectionPool(host='graph.facebook.com', port=443): Max retries exceeded with url: /me/ (Caused by NewConnectionError(' : Failed to establish a new connection: Connection refused'))
when disable csf csf -x , it working perfectly.
all value of tcp_out, udp_out,...
I really much appreciated and want to thank you for the implementation of iptables-nft support.
As CPanel's Host Access Control dialogue on Rocky Linux 9.2 and WHM 114 showed errors I solved that by removing firewalld and installing iptables-nft. CSF and Host Access Control both work now without problems.
While reading about nftables I stumbled about the following Redhat documentation stating...
Hi,
I see that Debian 12 isn't yet listed on the working distros, but not sure where to report this from my testing. Following my test server being updated to Deb 12 (Bookworm), CSF appears to work, but LFD fails to read logs. I get the failed SYSLOG email warnings - although it is writing the check code to SYSLOG, it's not able to read it. Looking at the debug log under debug level 2 every log...
I think it's a strage thing, but csf is dropping my httpd service each minute. When csf is disable, apache works fine.
I don't have any crond running every minute.
Hello,
i am facing a big problem?
I am using csf with cpanel / whm .
Please take a look at this part of the exim_mainlog which indicates some of the 4000 dovecot failed logins over the last 5 days. :
Line 118101: 2023-09-15 06:54:10 dovecot_login authenticator failed for 107.40.3.213.static.wline.lns.sme.cust.swisscom.ch :43582: 535 Incorrect authentication data (set_id=abuse@domain.com)
Line...
MaxMind will begin requiring HTTPS for GeoIP download requests in March 2024. To help customers get ready for this change, we will have a planned, temporary enforcement of this policy on October 17, 2023.
Could the devs kindly advise if CSF is interacting with MaxMind over HTTPS already?
When adding a new ip to the allow list using csf -a, the rule seems to be isnerted into IPTables, however, its not being honored. We still see blocking messages in syslog.
Rebooting is the only way I have found to clear it. Disabling fasstart did not work, enable/disable did not work.
Hello all!
I have problem with CFS. almal 8.8+DA. CSF shows:
You should consider disabling commonly abused php functions, e.g.:
disable_functions = show_source, system, shell_exec, passthru, exec, popen, proc_open
Some client web scripts may break with some of these functions disabled, so you may have to remove them from this list:
Affected PHP versions:
/usr/local/php56/lib/php.ini...
If an IP starts gobbling up server resources by hitting a website multiple times, can we use CSF to rate limit them ? What I mean is, to slow the resource allocation to that IP if it is hitting the server multiple times.
I currently have an Apache box with linux CentOS7 and I also use Mod Sec.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum