LF_APACHE_404 doesn't block

breonet
Junior Member
Posts: 2
Joined: 13 Oct 2010, 10:12

LF_APACHE_404 doesn't block

Post by breonet »

Hi all,

I installed csf on a fresh server, without cpanel or webmin, and I'm using it correctly. LFD seems to work fine, and the SMTP login failures part of csf too.

The problem is when activating the option:
LF_APACHE_404 = "100"
LF_APACHE_404_PERM = "600"

I receive a lot of 404 errors (maybe a DoS attack) but csf doesn't ban the ip.

How does csf block the IP? What criteria does csf follow? Maybe my access_log is being recorded in a different way and csf doesn't detect the 404 errors (which are logged), like this:

xx.xx.xx.xx - - [11/Jul/2014:18:26:33 +0200] "POST /dir/file.php HTTP/1.1" 404 42120 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"
xxx.xx.xxx.xxx - - [11/Jul/2014:18:26:33 +0200] "GET /dir2/file2.bin HTTP/1.1" 404 41561 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)"

Thanks a lot for your help.
hominhdat
Junior Member
Posts: 1
Joined: 12 Dec 2014, 18:21

Re: LF_APACHE_404 doesn't block

Post by hominhdat »

I have the same issue. The csf firewall still does not block.
I use the custom regex file and set the regex like this:
if (($lgfile eq $config{CUSTOM3_LOG}) and ($line =~ /^\d+\.\d+\.\d+\.\d+\s+\S+\s+\S+ \[.*\] ".*" \d+ (297|9359|300|279) ".*" ".*"/) {
return ("deny ",$1,"ddos","1","8080,80","1");
}

CUSTOM3_LOG is /var/log/httpd/accesslog
miguelandroidcsf
Junior Member
Posts: 6
Joined: 17 Apr 2020, 10:43

Re: LF_APACHE_404 doesn't block

Post by miguelandroidcsf »

I have the same issue.

Does this need a special custom regex to work?


33.33.33.33 - - [1/Aug/2022:09:50:00 +0100] "GET /test HTTP/1.1" 404 518 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0" 
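
A custom regex for the access-log format quoted in this thread has to place the client address in the first capture group, because the return list hands `$1` on as the address to block. The script below is an added example for testing such a pattern offline; it is not code from any poster or from csf itself. The helper name `match_404`, the `%config` stand-in, the identifier `apache404` and the values in the returned list are assumptions, and the sample lines are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-in for the %config hash seen in the thread's snippet (assumption);
# the path is the one quoted in the thread.
my %config = (CUSTOM3_LOG => "/var/log/httpd/accesslog");

# A double-quoted log field. Escaped quotes (\") inside the request or
# user agent are client-controlled and must not end the field early.
my $q = qr/"(?:[^"\\]|\\.)*"/;

# Hypothetical helper with the same calling shape as the thread's snippet:
# one log line plus the file it came from. Returns an empty list when the
# line is not a 404 from the watched log.
sub match_404 {
    my ($line, $lgfile) = @_;

    # Combined format: IP ident user [time] "request" status bytes "referer" "agent"
    # The address is the only capturing group, so $1 is always the client IP.
    if (($lgfile eq $config{CUSTOM3_LOG}) and
        ($line =~ /^(\d+\.\d+\.\d+\.\d+)\s+\S+\s+\S+\s+\[[^\]]+\]\s+$q\s+404\s+\S+\s+$q\s+$q/)) {
        # Six fields in the order used in the thread. Assumed meaning:
        # message, IP, identifier, trigger count, ports, block duration.
        return ("Apache 404 from", $1, "apache404", "100", "80,8080", "600");
    }
    return;
}

# Constructed sample lines (documentation addresses), not real traffic.
my @sample = (
    '192.0.2.10 - - [01/Aug/2022:09:50:00 +0100] "GET /test HTTP/1.1" 404 518 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Aug/2022:09:50:01 +0100] "GET /index.html HTTP/1.1" 200 1042 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Aug/2022:09:50:02 +0100] "POST /dir/file.php HTTP/1.1" 404 42120 "-" "a \"quoted\" agent"',
);

my %hits;
for my $line (@sample) {
    my @result = match_404($line, $config{CUSTOM3_LOG});
    next unless @result;          # not a 404, or not the watched log
    $hits{$result[1]}++;          # count matches per captured address
    print join(" | ", @result), "\n";
}
print "$_ matched $hits{$_} line(s)\n" for sort keys %hits;
```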