Search found 97 matches

by aww+
17 Oct 2017, 21:55
Forum: Suggestions (csf)
Topic: feature idea, also add ip block to cloudflare firewall via api
Replies: 4
Views: 2114

Re: feature idea, also add ip block to cloudflare firewall via api

just noticed the readme for version 11

you all are absolutely amazing, thank you for all your work over the years

I hope someday some wealthy corporation throws lots of money your way (but still keeps your free software free to keep everyone safer)
by aww+
26 Sep 2017, 18:01
Forum: General Discussion (csf)
Topic: Csf Does Not Block Attacks from Cloudflare
Replies: 4
Views: 2014

Re: Csf Does Not Block Attacks from Cloudflare

Apache module "mod_cloudflare" (https://www.cloudflare.com/technical-resources/#mod_cloudflare) will make the "bad IPs" hidding behind cloudflare to appear in the apache error/access logs i assume. And the CSF is watching error_log so it can ban this bad IP, so i assume when this happen, the bad vi...
by aww+
25 Sep 2017, 16:41
Forum: General Discussion (csf)
Topic: Csf Does Not Block Attacks from Cloudflare
Replies: 4
Views: 2014

Re: Csf Does Not Block Attacks from Cloudflare

I'm just another CSF user but I can answer this question for you because I am dealing with the same problem and understand what is happening basically CSF/LFD just sets up the linux iptables firewall, which normally can only inspect the true, native incoming IP address in this case the incoming ip a...
by aww+
23 Sep 2017, 22:23
Forum: Suggestions (csf)
Topic: feature idea, also add ip block to cloudflare firewall via api
Replies: 4
Views: 2114

Re: feature idea, also add ip block to cloudflare firewall via api

ps. it definitely would add cpu overhead and not work for https connections but it might also be possible to do deeper inspection of packets via the linux firewall to block the true ip passed from cloudflare in the http headers before it even gets to server software or php
by aww+
23 Sep 2017, 22:13
Forum: Suggestions (csf)
Topic: feature idea, also add ip block to cloudflare firewall via api
Replies: 4
Views: 2114

feature idea, also add ip block to cloudflare firewall via api

it's possible to do this from a simple bash command but it might be useful to less skilled users to have an option where LFD can also add an ip ban to cloudflare when the user provides an api key https://api.cloudflare.com/#user-level-firewall-access-rule-create-access-rule might be too much to main...
by aww+
19 Sep 2017, 18:21
Forum: General Discussion (csf)
Topic: https url in blocklists "cannot assign requested address"
Replies: 6
Views: 1744

Re: https url in blocklists "cannot assign requested address"

this solves it, I am not sure why LWP is grabbing the wrong local address only for SSL push(@LWP::Protocol::http::EXTRA_SOCK_OPTS, "LocalAddr" => "1.2.3.4" ); where 1.2.3.4 is the local machine internet address of course the version of LWP on centos6 base is too old to support the LWP "local_address...
by aww+
19 Sep 2017, 17:58
Forum: General Discussion (csf)
Topic: https url in blocklists "cannot assign requested address"
Replies: 6
Views: 1744

Re: https url in blocklists "cannot assign requested address"

This is actually a better representation of what happens: that simple test does fail with that exact "assigned address" error, so this has to be something very basic and not CSF/LFD's fault maybe I have a bad library install or something is outdated or there is a bad rule in the firewall somewhere ...
by aww+
18 Sep 2017, 15:52
Forum: General Discussion (csf)
Topic: watching an ip get through a CIDR block in CSF 10.25
Replies: 7
Views: 1867

Re: watching an ip get through a CIDR block in CSF 10.25

update - you were right, I totally forgot to check but the client had activated caching with cloudflare we had only been using them for dns but someone switched on the reverse proxy so cloudflare is stupidly forwarding all requests from their IP and of course we cannot block them have to look into a...
by aww+
18 Sep 2017, 15:16
Forum: General Discussion (csf)
Topic: https url in blocklists "cannot assign requested address"
Replies: 6
Views: 1744

Re: https url in blocklists "cannot assign requested address"

I appreciate the effort to research and come up with that code, sadly it didn't change the behavior exact https url can be fetched without problem from the server by wget curl (command line) php via file_get_contents($url) php via curl library can you give me minimal test code in perl to see if it i...
by aww+
16 Sep 2017, 18:39
Forum: General Discussion (csf)
Topic: https url in blocklists "cannot assign requested address"
Replies: 6
Views: 1744

https url in blocklists "cannot assign requested address"

http urls work just fine in the csf.blocklists but not https CentOS6 but all the proper libraries for Perl SSL have been installed "cannot assign requested address" not the normal error but a binding error for the local IP address - what would cause this? doing a wget for the https url from the comm...