ConfigServer Community Forum

So the conclusions here are: 1. Even though the initial connection to the Parallels/Odin server is outgoing, any incoming traffic even if it originates from the outgoing session, will be blocked. 2. To provide an exception to CSF it must be placed in csf.ignore as csf.allow won't get around the CC r...

Hey there, We had an issue wherein a server couldn't reach the Plesk licensing server, even with port 5224 added to the egress rules. We had RU added to the CC_DENY config which was very clearly the cause (I found the blocked range in iptables). After removing RU from CC_DENY, all worked fine. I had...

Sorry I didn't keep up with this until now! The reason I said Plesk is simply that Plesk automatically separates all apache logs into per-domain logging for better access to end-users (if you have clients that want to see their own log files basically). But as you've mentioned this will be the same ...

The documentation (readme.txt) states: However, you can also set up a cluster such that some members only provide notifications to others and do not accept blocks from others. For example, you may have a cluster of servers that includes one that hosts a support desk that you do not want to block cli...

Here's the regex that worked for me! Enter this in /etc/csf/regex.custom.pm #mod_security v2 (audit_log) if (($config{LF_MODSEC}) and ($lgfile eq $config{MODSEC_LOG}) and ($line =~ /^\[modsecurity\] \[client (\S+)\] (.*) Access denied with (code|connection)/)) { $ip = $1; $acc = ""; $ip =~...

Hi there, I'm trying to do the same thing. The modsec rules are working as they should be, but in my case I'm pretty confident the problem is the way Plesk handles apache logging. Plesk is logging to a separate log file for each domain (good for client access to logs, not good for lfd parsing). LFD ...