Hi all,
This thread is to add working REGEX that we can share with the community. To add them to this sticky, you should have the regex working on your server. This thread is not intended to solve any issues related to non-working regex; the intention is to give users of CSF REGEXs that could give CSF more security options.
If you want to collaborate, please add your rule to this thread...
If you have one particular IP address that is either dropped or accepted through the firewall that you think should not be, then you can use the new WATCH_MODE in csf.
Before enabling this option and using the CLI command to watch an IP address, check whether it is explicitly listed first using:
csf --grep 11.22.33.44
Where 11.22.33.44 is the IP address you're tracking. If that comes back...
If you get iptables errors when trying to start csf on a VPS then you most likely have missing iptables modules for your VPS.
If your hosting provider wants to know how to configure iptables correctly on a VPS server, then you should point them to this Parallels FAQ and have them follow it (plus to add ip_conntrack_ftp to the list of required modules):
I have a bunch of DirectAdmin servers that have modsecurity installed through custombuild 2.0. I can't get CSF to block the denials by modsecurity and would appreciate some help with this. Modsecurity is working according to the audit log but some of the attacks are rather heavy and blocking in the firewall is preferred.
I have some blocking rules set up in csf.blocklists including a paid API key for IPDB with a limit set to 100000 (one hundred thousand). Can you give me some general guidance on other blocks to allow for my server? It is a fairly large VPS with 8 GB of RAM.
I am running a server to provide DNS to my public IP subnet. I want the server to be able to get NTP, OS updates, send email, etc, but only allow incoming tcp/udp/53 from my public subnet. My goal is to block all incoming requests and only allow DNS requests incoming from my subnet 1.2.3.0/24.
Since by default it blocks all and only allows ports I open, I believe I have the ports configured...
I have a really weird issue. I installed csf on a new server. When a user runs pm2 to run a node app, it runs successfully. As soon as the user logs out of cPanel, the process disappears.
Kindly note that this only happens with a cPanel user; if I run the command as root and log out, it will work fine.
Hi, is there a way to permanently set up an email to receive warnings about firewall attacks or problems that could endanger the system?
I'm new to ConfigServer firewall & security, so I need to share your experience.
Thanks!
# An alternative to CC_ALLOW is to only allow access from the following
# countries but still filter based on the port and packets rules. All other
# connections are dropped
OS: AlmaLinux 8.5 cPanel 102.0.14
also using it with Proxmox Virtual Environment 7.2.
Debian 11.3 Bullseye but using a newer Linux kernel 5.15.30,
QEMU 6.2, LXC 4
We've been getting a large number of distributed attack emails and no option I have disabled alerts for has stopped the emails. Is there any way to stop these? Some of the alerts we're getting
If I were to create an external include file for the csf.deny that listed the IP addresses, would I need to restart the csf service every time the external file was modified?
I would like to use a security detection script that monitors traffic on the website to write an IP to the external csf deny include file. I'd rather not get into execution permissions from a script if possible.
I'm trying to figure out a way to add IP addresses to the csf.deny list by means of a PHP script.
My first approach was to directly write to csf.deny from my PHP script, but I figured that it was better to use usr/sbin/csf -d x.x.x.x because the IP is then directly blocked.
But the above is not working.
Tried with shell_exec and some other commands too.