Hi all,
This thread is for adding working REGEX that we can share with the community. To add them to this sticky, you should have the regex working on your server. This thread is not intended to solve any issues related to non-working regex; the intention is to give CSF users REGEXs that could give CSF more security options.
If you want to collaborate, please add your rule to this thread...
If you have one particular IP address that is either dropped or accepted through the firewall that you think should not be, then you can use the new WATCH_MODE in csf.
Before enabling this option and using the CLI command to watch an IP address, check whether it is explicitly listed first using:
csf --grep 11.22.33.44
Where 11.22.33.44 is the IP address you're tracking. If that comes back...
If you get iptables errors when trying to start csf on a VPS then you most likely have missing iptables modules for your VPS.
If your hosting provider wants to know how to configure iptables correctly on a VPS server, then you should point them to this Parallels FAQ and have them follow it (plus to add ip_conntrack_ftp to the list of required modules):
I'm having difficulty with getting SMTP auth failures detected by LFD. I believe this is partially due to Postfix on Ubuntu not reporting the rhost in the /var/log/auth.log file. Here's an example:
Hello.
When I activate csf and Fail2Ban, Fail2Ban does not send me detailed information like the one I attached in the email. When I disable csf it sends.
VPS Server Virtualmin for Ubuntu 22.04
This started happening and I am not sure what I am missing at the moment. csf.deny is now cleared and I have created an /etc/csf/csf.cloudfront.allow with their full range of IPs and included reference to it in the csf.allow and restarted but I am still seeing timeouts. As soon as I turn off csf, it loads right up. I have also made sure flooding options are disabled but still encountering this...
Hello, I'm getting this message in my email from the cron daemon: Oops: Unable to download: Can't connect to download2.configserver.com:443 (Connection timed out). Now 433 is open and I don't see the cron job in the cron job area of cPanel. I've whitelisted the config server IPs too in CSF. Is there a cron job script I can add to the cron job lists in cPanel? Thank you for the help! :)
I have a member on the server that uses Google Ads. Google is reporting HTTP 500 errors for the URLs, even though they work fine. They are saying their IP(s) are being blocked. I downloaded a list of all of their IPs and CIDRs (about 300) and added them to the whitelist by editing the allow list. But the problem is still there. I found that if an IP is in the deny list and I add it to the allow...
Hi,
Yesterday I updated cPanel and CentOS on a couple of servers and, after that update, CSF CC_IGNORE is not working.
I had CC_IGNORE for my country working for a long time until yesterday and, after that update, all servers have this issue now.
I'm reporting a persistent issue I've been experiencing with ZeroTier connectivity when the CSF is active on my Linux system. Despite my attempts to configure the firewall to allow ZeroTier traffic, ZeroTier does not function as long as CSF is active.
Here's what I've done so far:
I have allowed all UDP traffic in both UDP_IN and UDP_OUT sections of my CSF configuration.
I have opened...
Hi Guys
I've been trying for a month to stop LFD warnings from legitimate PHP scripts that are run from cron, but none of the suggestions I've found are working.
I've tried ...
In /etc/csf/csf.signore
/path/to/script.php
In /etc/csf/csf.pignore
cmd:php /path/to/script.php
exe:/path/to/script.php
exe:/opt/cpanel/ea-php72/root/usr/bin/php-cgi /path/to/script.php
exe:/bin/bash -c /usr/bin/php...
We are running new cPanel install on AlmaLinux via Lightsail Instance.
Configuration:
Access to WHM and cPanel is limited to single static IP
SSH port remains as 22
SSH root login disabled
The following services are enabled and working:
MySQL is bound to 127.0.0.1
2-factor authentication for WHM
Security Advisor: all in ‘green’
ImunifyAV: No malware found in scans...
Hi all,
Where does csf keep the list of blocked emails that are associated with IP address?
I remember on one of my previous csf installations I had the ability to see blocked emails and from which IP addresses these emails tried to connect but now I can't find it on this new server.
I have installed CSF firewall on CentOS Stream 9 on my VPS server successfully without errors.
However, after I set some IP ranges in this file:
$ vi /etc/csf/csf.allow
like:
###############################################################################
# Copyright 2006-2018, Way to the Web Limited
# URL:
# Email: sales@waytotheweb.com...
We received this notice from Maxmind and would like to know how it affects us using CSF?
As of Wednesday, May 1, 2024, we will use R2 presigned URLs for all database downloads in order to increase the security and reliability of our services.
This is a potential breaking change. Please ensure that your servers can make HTTPS connections to the following hostname:...
Hello, I am a new CSF user. I am using AlmaLinux 8.9 and cPanel. I have successfully installed CSF. But I couldn't achieve my main goal.
I want to block all requests coming directly to my server's IP address. But I want to allow 3-4 IP addresses.
I allowed my own IP addresses in the CSF interface. And I entered 0.0.0.0.0/0 in the Deny field to block all other traffic. But this time the traffic...