As the title says, we have CSF running and successfully blocking IPs from .htaccess based login failures. We are running nginx, but we have updated the log file locations to our nginx logs and CSF is working great. IPs are auto added to csf.deny after several failed login attempts.
Our problem arises in that users can still load up the website even after their IP has been blocked. They are locked out of SSH and probably other system services, but can continue to load the page and perform attacks. How can we change the CSF configuration so that requests to the website are also denied when an IP is blocked?
CSF blocking IPs, but users can still visit website
-
- Junior Member
- Posts: 4
- Joined: 14 Jan 2015, 14:39
Re: CSF blocking IPs, but users can still visit website
What does this show:
# service iptables status|grep 123.123.123.123
obviously replace 123.123.123.123 with the blocked IP
-
- Junior Member
- Posts: 4
- Joined: 14 Jan 2015, 14:39
Re: CSF blocking IPs, but users can still visit website
I had to alter your command a bit, but here is what I'm seeing with iptables -L
Chain DENYIN (1 references)
target prot opt source destination
DROP all -- 17x-21x-xx-xx.region.isp.tld anywhere
Chain DENYOUT (1 references)
target prot opt source destination
DROP all -- anywhere 17x-21x-xx-xx.region.isp.tld anywhere
There are other rules in the chains that have proper IPs, but for the listing created by my failed logins, it's stored in 17x-21x-xx-xx.isp.region.tld for some reason.
Re: CSF blocking IPs, but users can still visit website
Hmm, what if you do
#csf -dr ipaddress
then
#csf -d ipaddress
does it still block by hostname?
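
Added example, not part of any post in this thread: a CIDR-aware version of the "is this IP in the deny chain" check discussed above. `iptables -L` prints reverse-DNS names unless `-n` is given, so this reads the numeric `iptables -S` format instead. The rule lines and addresses are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import shlex

# Constructed sample in `iptables -S` format (numeric, no reverse-DNS names).
SAMPLE_RULES = """\
-N DENYIN
-N DENYOUT
-A INPUT ! -i lo -j DENYIN
-A DENYIN -s 203.0.113.7/32 ! -i lo -j DROP
-A DENYIN -s 198.51.100.0/24 ! -i lo -j DROP
-A DENYOUT -d 203.0.113.7/32 ! -o lo -j DROP
"""


def drop_rules(rules_text, chain="DENYIN"):
    """Yield the source networks that `chain` sends to DROP."""
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", chain] or "-s" not in tok or "-j" not in tok:
            continue
        j, s = tok.index("-j"), tok.index("-s")
        if j + 1 >= len(tok) or tok[j + 1] != "DROP" or s + 1 >= len(tok):
            continue
        if s > 0 and tok[s - 1] == "!":
            continue  # negated source match, not a deny entry
        try:
            yield ipaddress.ip_network(tok[s + 1], strict=False)
        except ValueError:
            continue  # not a numeric address, skip it


def matching_drop(ip, rules_text, chain="DENYIN"):
    """Return the network whose DROP rule covers `ip`, or None."""
    addr = ipaddress.ip_address(ip)
    for net in drop_rules(rules_text, chain):
        if addr.version == net.version and addr in net:
            return net
    return None


if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.42", "192.0.2.1"):
        print(ip, "->", matching_drop(ip, SAMPLE_RULES) or "no DROP rule")
```

On a real host, pass the output of `iptables -S DENYIN` as `rules_text` in place of the sample.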