csf.deny ip address deny limit

ovan
Junior Member
Posts: 9
Joined: 09 Feb 2014, 12:03
Location: Jakarta

Re: csf.deny ip address deny limit

Post by ovan »

Thank you :)
n2rga
Junior Member
Posts: 9
Joined: 09 Apr 2014, 03:48

Re: csf.deny ip address deny limit

Post by n2rga »

Sorry for butting in but a question the Include /path_to_ip_file/blacklistip.txt
is there a limit of IPs I can have in that file or do I have to keep it under 1,000 each
Include?
thanks
Mitch
ovan
Junior Member
Posts: 9
Joined: 09 Feb 2014, 12:03
Location: Jakarta

Re: csf.deny ip address deny limit

Post by ovan »

puppet wrote:
ovan wrote:
puppet wrote:I've put over 10K IPs in several text files and included in the csf.deny file on several cpanel servers more than 2 weeks without issue so far. Those servers have 5GB memory and 4 vcpus. I am afraid to add more IPs to the iptables.
How to put more than 1K IPs in csf.deny
because i saw in the csf from cpanel plugin is only 1K, and if any other IPs got blocked, will remove the ldest IPs blocked
You don't need to put all the IPs to one file. You can put those IPs to a seperate file then add an include to csf.deny like follows:

Include /path_to_ip_file/blacklistip.txt
Thanks for your reply,
how to put an include to csf.deny, i mean where should i put the include syntax.?
is there any impact to the overall system.? such as a decrease in performance or higher CPU/Memory load
ovan
Junior Member
Posts: 9
Joined: 09 Feb 2014, 12:03
Location: Jakarta

Re: csf.deny ip address deny limit

Post by ovan »

finally.... i/ve made change in DENY_IP_LIMIT which Recommended range: 10-1000 (Default: 200), i set it to 2000 :D

case closed
ditto
Junior Member
Posts: 8
Joined: 25 Feb 2012, 11:14

Re: csf.deny ip address deny limit

Post by ditto »

I am sort of having almost the same problem. It must be a bug:

I have this:

Edit csf.allow, the IP address allow file (Currently: 70 permanent IP allows)
Edit csf.deny, the IP address deny file (Currently: 1010 permanent IP bans)

And my DENY_IP_LIMIT is 800 and my DENY_TEMP_IP_LIMIT is 200

What happens is when I have more then 1000 IPs in total I am not able to make changes in the GUI in "Firewall Deny IPs", when I click "Save" nothing is saved and CSF/LFD is not restarted.

So the bug only seem to happen when making manual changes in the GUI to the IPs in "Firewall Deny IPs", it just does not work if you have more then 1000 IPs.

Does anyone know a work around on this problem?
mopa5000
Junior Member
Posts: 2
Joined: 07 May 2019, 16:43

Re: csf.deny ip address deny limit

Post by mopa5000 »

ovan wrote: 14 Apr 2014, 15:23 finally.... i/ve made change in DENY_IP_LIMIT which Recommended range: 10-1000 (Default: 200), i set it to 2000 :D

case closed
Ovan, wherein do you notice that perm block default is 1000. Perm Block Default is 200 and temporary is a hundred in CSF.
Post Reply