Search found 12 matches
- 16 Jan 2017, 19:48
- Forum: General Discussion (csf)
- Topic: Allow IP Range To Port in csf.allow
- Replies: 4
- Views: 4822
Re: Allow IP Range To Port in csf.allow
No other ideas? I would think there has to be a way to ensure the csf.allow is called before the csf.deny, but it doesn't seem to be the case.
- 11 Jan 2017, 19:33
- Forum: General Discussion (csf)
- Topic: Allow IP Range To Port in csf.allow
- Replies: 4
- Views: 4822
Re: Allow IP Range To Port in csf.allow
Don't exactly want to trust the range as I don't want them to be able to access some ports or brute force things like SSH.
Just want them to always be able to access port 80 and port 443. But if they are brute forcing SMTP or POP, those would be blocked upon trying to do so.
Just want them to always be able to access port 80 and port 443. But if they are brute forcing SMTP or POP, those would be blocked upon trying to do so.
- 10 Jan 2017, 22:41
- Forum: General Discussion (csf)
- Topic: Allow IP Range To Port in csf.allow
- Replies: 4
- Views: 4822
Allow IP Range To Port in csf.allow
First question: How are the rules applied? Is the csf.deny applied first and then csf.allow - or is csf.allow applied first? Here is my issue. In the csf.allow file, I have IP ranges allowed for port 80 and port 443 - idea is to prevent them from being blocked: tcp|in|d=80|s=1.1.1.0/24 tcp|in|d=443|...
- 23 Apr 2014, 18:33
- Forum: General Discussion (csf)
- Topic: Allow PPTP / GRE
- Replies: 2
- Views: 3143
Re: Allow PPTP / GRE
Resurrecting this question to see if anyone can provide assistance.
In essence, is there a file within the CSF config that allows me to specifically put in additional IPTABLES rules? If so, I could open up the GRE protocol myself by using an IPTABLES rule.
Thank you
In essence, is there a file within the CSF config that allows me to specifically put in additional IPTABLES rules? If so, I could open up the GRE protocol myself by using an IPTABLES rule.
Thank you
- 31 Mar 2014, 21:03
- Forum: General Discussion (csf)
- Topic: Brute pop3 logins attack from one IP not blocked
- Replies: 2
- Views: 2712
Re: Brute pop3 logins attack from one IP not blocked
It might depend upon what you are using as the POP3 / IMAP server. I installed CSF on our servers over the weekend. Noticed that some things did get blocked correctly (like CERTAIN FTP attempts) but others didn't. In the end, I had to add items to the custom.regex.pm file and create new regex entrie...
- 30 Mar 2014, 19:31
- Forum: General Discussion (csf)
- Topic: LF Temp to Permanent Ban
- Replies: 1
- Views: 3123
Re: LF Temp to Permanent Ban
Was able to answer this on my own after fixing the issue on how to block 401 errors in Apache. Needless to say, you will set the specific "PERM" setting (such as LF_FTPD_PERM) to the temporary block amount - such as 300 seconds (5 minutes). The the Temp-to-Perm settings will watch and once...
- 30 Mar 2014, 18:53
- Forum: General Discussion (csf)
- Topic: Stop 401 Attacks in Apache
- Replies: 2
- Views: 3258
Re: Stop 401 Attacks in Apache
Fixed. Found another post that referenced a site I could use to check RegEx. Link to the RegEx checker: http://regex101.com/r/uO1vS2 Here is the RegEx if you want to be able to block those getting 401 errors in Apache: #mod_security v2 (audit_log) if (($config{LF_MODSEC}) and ($globlogs{MODSEC_LOG}{...
- 30 Mar 2014, 18:32
- Forum: General Discussion (csf)
- Topic: Stop 401 Attacks in Apache
- Replies: 2
- Views: 3258
Re: Stop 401 Attacks in Apache
I added this to the regex.custom.pm log - doesn't seem to work. Just need some help figuring out how to make a regex to find these. Here is the code: #mod_security v2 (audit_log) if (($config{LF_MODSEC}) and ($lgfile eq $config{MODSEC_LOG}) and ($line =~ /^(\S+)\ (.*) 401 (.*)/)) { $ip = $1; $acc = ...
- 30 Mar 2014, 17:07
- Forum: General Discussion (csf)
- Topic: Stop 401 Attacks in Apache
- Replies: 2
- Views: 3258
Stop 401 Attacks in Apache
Getting hundreds of these attacks:
82.98.162.20 - - [29/Mar/2014:23:59:07 -0500] "GET /administrator/index.php HTTP/1.0" 401 -
I have enabled the HTACCESS and MODSEC and set the log files to the proper place, but these are not being stopped.
82.98.162.20 - - [29/Mar/2014:23:59:07 -0500] "GET /administrator/index.php HTTP/1.0" 401 -
I have enabled the HTACCESS and MODSEC and set the log files to the proper place, but these are not being stopped.
- 30 Mar 2014, 15:28
- Forum: General Discussion (csf)
- Topic: DirectAdmin virtual domain error logs not included.
- Replies: 12
- Views: 12165
Re: DirectAdmin virtual domain error logs not included.
Resurrecting an old thread here. Has the support for file globbing been put in place for the HTACCESS_LOG? Looking to set the HTACCESS_LOG and MODSEC_LOG to these: /path/to/*/logs/error*.log Want to be sure that CSF will open all files that start with "error" and end in ".log" th...