Search found 16 matches
- 05 Jun 2015, 03:44
- Forum: General Discussion (csf)
- Topic: CountryCode blocks applying to outgoing as well?
- Replies: 2
- Views: 2709
Re: CountryCode blocks applying to outgoing as well?
So the conclusions here are: 1. Even though the initial connection to the Parallels/Odin server is outgoing, any incoming traffic even if it originates from the outgoing session, will be blocked. 2. To provide an exception to CSF it must be placed in csf.ignore as csf.allow won't get around the CC r...
- 01 May 2015, 03:08
- Forum: General Discussion (csf)
- Topic: CountryCode blocks applying to outgoing as well?
- Replies: 2
- Views: 2709
CountryCode blocks applying to outgoing as well?
Hey there, We had an issue wherein a server couldn't reach the Plesk licensing server, even with port 5224 added to the egress rules. We had RU added to the CC_DENY config which was very clearly the cause (I found the blocked range in iptables). After removing RU from CC_DENY, all worked fine. I had...
- 07 Sep 2013, 01:01
- Forum: General Discussion (csf)
- Topic: Help with LF_MODSEC
- Replies: 10
- Views: 18349
Re: Help with LF_MODSEC
Sorry I didn't keep up with this until now! The reason I said Plesk is simply that Plesk automatically separates all apache logs into per-domain logging for better access to end-users (if you have clients that want to see their own log files basically). But as you've mentioned this will be the same ...
- 07 Sep 2013, 00:54
- Forum: General Discussion (csf)
- Topic: Cluster Documentation Confusion, possible error?
- Replies: 1
- Views: 2473
Cluster Documentation Confusion, possible error?
The documentation (readme.txt) states: However, you can also set up a cluster such that some members only provide notifications to others and do not accept blocks from others. For example, you may have a cluster of servers that includes one that hosts a support desk that you do not want to block cli...
- 04 Sep 2013, 14:14
- Forum: General Discussion (csf)
- Topic: Help with LF_MODSEC
- Replies: 10
- Views: 18349
Re: Help with LF_MODSEC
Here's the regex that worked for me! Enter this in /etc/csf/regex.custom.pm #mod_security v2 (audit_log) if (($config{LF_MODSEC}) and ($lgfile eq $config{MODSEC_LOG}) and ($line =~ /^\[modsecurity\] \[client (\S+)\] (.*) Access denied with (code|connection)/)) { $ip = $1; $acc = ""; $ip =~...
- 04 Sep 2013, 13:50
- Forum: General Discussion (csf)
- Topic: Help with LF_MODSEC
- Replies: 10
- Views: 18349
Re: Help with LF_MODSEC
Hi there, I'm trying to do the same thing. The modsec rules are working as they should be, but in my case I'm pretty confident the problem is the way Plesk handles apache logging. Plesk is logging to a separate log file for each domain (good for client access to logs, not good for lfd parsing). LFD ...