
Permanently Block IP or CIDR

Posted: 13 Dec 2008, 04:47
by bst11
How about a feature to permanently block IPs by putting them in something like csf.pdeny?
Right now, if deny_ip_limit is set at 100 and all 100 IPs are filled up, CSF starts removing blocked IPs in oldest-first order, so the ones at the top get removed. But there are certain IPs which I would like to keep permanently blocked even if the limit has been reached and csf removes the oldest banned IPs. I wouldn't mind if 1 IP is permanently blocked and I then have only 99 remaining, within which csf rotates the other blocked IPs.

Posted: 13 Dec 2008, 05:06
by ckh
I think the global_deny file would be a good solution.

Posted: 13 Dec 2008, 05:23
by bst11
Hi Chris
Thanks for the solution. I am aware of Global_deny but my concern is the security of having a list web accessible. Since the URL is accessible through the browser, if someone manages to access the domain www folders (through FTP for example) and modify the list, it can create some problems. That's why I would like to have a csf.pdeny file which is in /etc/csf, that is, outside of the public_html and not accessible by any browser or visitor to see what ranges or IPs are blocked or be capable of editing it under any circumstance.

Posted: 13 Dec 2008, 09:09
by ckh
I don't know how a list of IPs would be insecure, but if you are that concerned about it, just name the file something really obscure that couldn't be guessed.

If someone gets your FTP information or otherwise gets access to the file, you are going to have worse problems to worry about than a list of IPs.

Posted: 16 Dec 2008, 10:13
by docenta
Amazing, I'd just like to offer the same - permanent deny. I mean .pdeny, where the IPs will not be wiped when the limit is reached. A very good add-on, I think.


Thanks,

Posted: 16 Dec 2008, 17:20
by chirpy
There'll be a feature in the next release to stop DENY_IP_LIMIT from removing specified entries in csf.deny.
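
The rotation discussed in this thread, modelled as an added example (not code from csf or from any poster): the oldest unpinned entries in csf.deny are evicted once the limit is exceeded, while pinned entries survive. Assumptions: the pin marker is the comment text `do not delete`, which csf documents in the header of csf.deny and which is not quoted in this thread; pinned entries count toward the limit, as the original poster proposed; the function names and sample data are hypothetical.

```python
import re

# Assumption: marker text from the csf.deny header comments, not from this thread.
PIN_MARKER = re.compile(r"do not delete", re.IGNORECASE)

# Constructed sample csf.deny content (documentation address ranges), oldest first.
SAMPLE_DENY = """\
# csf.deny (constructed sample)
192.0.2.10 # lfd: SSH login failures - Sat Dec 13 04:40:11 2008
198.51.100.0/24 # abusive range - do not delete
203.0.113.7 # lfd: FTP login failures - Sat Dec 13 04:45:02 2008
192.0.2.44 # lfd: port scan - Sat Dec 13 04:46:30 2008
203.0.113.99 # Manually denied, Do Not Delete
"""

def parse_deny(text):
    """Return (entry, comment, pinned) tuples in file order, skipping blank and comment-only lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        entry, _, comment = line.partition("#")
        pinned = bool(PIN_MARKER.search(comment))
        entries.append((entry.strip(), comment.strip(), pinned))
    return entries

def rotate(entries, limit):
    """Evict the oldest unpinned entries until at most `limit` remain.

    Returns (kept, evicted). Pinned entries are never evicted, so the kept
    list can stay above the limit when only pinned entries are left.
    """
    kept, evicted = list(entries), []
    while len(kept) > limit:
        victim = next((e for e in kept if not e[2]), None)
        if victim is None:  # only pinned entries remain
            break
        kept.remove(victim)
        evicted.append(victim)
    return kept, evicted

if __name__ == "__main__":
    kept, evicted = rotate(parse_deny(SAMPLE_DENY), limit=3)
    for entry, comment, pinned in kept:
        print(f"kept    {entry:18} {'[pinned]' if pinned else ''}")
    for entry, comment, _ in evicted:
        print(f"evicted {entry:18} ({comment})")
```

Running the same model over a copy of a real csf.deny shows how many slots are left for rotating blocks once entries are pinned.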

Posted: 08 Apr 2009, 14:34
by robm
Was this feature ever added? Not sure if the csf.gdeny file is the solution? Thanks.

Rob

Posted: 15 Apr 2009, 09:48
by chirpy

Posted: 17 Apr 2009, 01:30
by robm
chirpy wrote: It was added ages ago:
http://configserver.com/blog/index.php?itemid=370
Doh! Completely missed that. Thanks for pointing it out. :)

Rob

Re: Permanently Block IP or CIDR

Posted: 09 Aug 2016, 03:14
by halimzhz
Dear CSF,

I understand this is an old thread. I tried to refer to the link above, but there's nothing about where I can get the tip to permanently block the IP instead of csf.deny.

Please help. TQ