ConfigServer Community Forum

Blocking countries in CC_DENY from Country Code Lists and Settings blocks access to some domains and their websites on the VPS.
We have to restart CSF to gain access, and so every time we are unable to access without making any changes to CC_DENY, we have to restart CSF again.

Using ConfigServer Security & Firewall 14.24

For some reason CSF/LFD isn't sending out emails notifications for Webmin logins.

SSH notifications work fine.
Se do email test from the CLI.

The option to send alerts is set to Enable: LF_WEBMIN_EMAIL_ALERT = 1

RESTRICT_SYSLOG is set to 3.

Any suggestion would help.

Hello all,

I have been grappling with understanding why some of my sites on my server are always sending me these suspicious process emails (via CSF) related to php-cgi and php-fpm. It appears to me that the issue most of the time is related to an outbound network connection the script has opened. In this specific instance, the remote connection is to 172.64.145.91:443 which is a CloudFlare...

Recently we've added the UptimeRobot IPs from to our CSF allow list (using Include of a separate file).

For each IP, we've added icmp|in|d=ping|s= and tcp|in|d=80,443|s= .

On some servers running CloudLinux 8 with cPanel, we've got this error after restarting CSF:
csf: IPSET creating set chain_ALLOW
csf: IPSET creating set chain_6_ALLOW
csf: FASTSTART loading csf.allow (IPv4)
csf: FASTSTART...

We are trying to block access to a web server when there is no user agent and not referrer. Example log lines look like this;

40.##.##.## - - GET /wp-admin/css/colors/Admin-Author.php HTTP/1.1 500 17551 - -

The code we put in regex.custom.pm is like this:

if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ / - - $/)) {
return ( No User Agent ,$1, UserAgent , 20 , 80,443 , 3600 );
}...

Hello,

We'd like to use the LF_APACHE_404 option to block IP's getting multiple 404 errors. The issue is it appears to be based on HTACCESS_LOG and that is set to /usr/local/apache/logs/error_log. Even if that was pointing at the access log, it's the main Apache log, not the hosted site logs. What would the side effects be if we change that to be /var/log/apache2/domlogs/*/* ?

Thanks in advance

Hello,

I'm experiencing an issue where the custom firewall script csfpost.sh is no longer executed automatically, likely after the recent cPanel or CSF update on March 19, 2025.

Environment:

cPanel servers running CloudLinux 8 & 9
Imunify360 installed
ConfigServer Firewall (CSF) / LFD enabled
The script (/etc/csf/csfpost.sh) contains custom iptables rules, for example, to allow outgoing...

We have recently been having an issue with JetBackup restoration processes getting kill by CSF. If we disable CSF the restoration process goes off without a hitch. Troubleshooting with CPanel and Jetbackup we narrowed this down to CSF killing the mongod process for JetBackup.

So per JetBackup support we placed exe:/usr/local/jetapps/usr/bin/mongod in the pignore file. This worked for a while but...

Hello,

I'd like to test a custom rule in regex.custom.pm, whats the best way to test this manually, so I can debug it?
I added a print statement in there, however it's not being shown if I run /etc/csf/lfd.pl -f .

Thanks

Hello,

To spot some hacked websites and some virus, I'd like to have a log of all outgoing traffic on a list of specific ports. Is this achievable on CSF or I have to manipulate directly iptables?

Thanks in advance.

I have an AlmaLinux 8 server running CSF + LFD, using ipset for a larger corpus. Load looked very, very high, and I noted in the web server logs that IPs which were blocked in CSF were hammering some of my domains. So I did a systemctl status on iptables. It responded that iptables was dead . systemctl status csf showed that CSF was running.

I did a systemctl iptables start , and load plummeted...

OS type and version Debian Linux 12
Virtualmin version 7.30.4 Pro

I’ve installed CSF (Firewall version 14.24) following:

I’ve configured it, checked and followed the information from a previous discussion.

Firewall status : Enable and running

perl /usr/local/csf/bin/csftest.pl
Say everything is ok.

Check security : Server Score: 39/39

Watch System Log has output (all 4)

Mar 8 21:27:59...

At I see 2 buttons View lfd statistics and view system statistics.

These are not displayed on my CSF. (Installed on Debian12)
Is there something to be done at csf.conf ?

PS : I have a log issue (

Hi,

I recently added Abuse IP DB to my CSF blocklists file as I've seen an increase in web scanning, and all of the source IPs were listed on AbuseIPDB, so I figured it may be a good source to add to CSF blocklists..

I noticed some unwanted traffic this morning, and the IP was on AbuseIPDB, so I started digging and found that the csf.block.abuseipdb file in /var/lib/csf only contains around...

Hi all,

Used the CC_DENY option to block AS16276 since some bots hosted there are hammering my site.

Noticed email to some users can no longer be delivered, seems that their mail server is hosted on AS16276 (mail.ovh.net).

Is there any solution to fix both problems? Continue to block AS16276 but allow mail to be delivered?

R=lookuphost T=remote_smtp defer (110): Connection timed out...