csf messenger with country filter

This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
seechiller
Junior Member
Posts: 6
Joined: 22 Jan 2010, 12:55

csf messenger with country filter

Post by seechiller »

I’ve a running CSF installation with messenger service on CloudLinux 8. I’ve migrated it from iptables to ipset to use blocklists, and it works wonderfully. But now I have a problem which I cannot solve: if I use the variable CC_MESSENGER_ALLOW and enter any country code or more, then I can no longer reach the messenger (v3) page from a blocked IP. I have made sure that CSF recognizes my country correctly, and in ipset the IP is also entered in the MESSENGER chain:

Code:

[root@da-dev2 csf]# ipset -L MESSENGER
Name: MESSENGER
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 504
References: 0
Number of entries: 1
Members:
217.16.1.2

If I change it back, from: CC_MESSENGER_ALLOW = "XY" to: CC_MESSENGER_ALLOW = "" the messenger service works again.

Am I missing something here?

Block command:

Code:

[root@da-dev2 csf]# csf -d 217.16.1.2
Adding 217.16.1.2 to csf.deny and iptables DROP...
csf: IPSET adding [217.16.1.2] to set [chain_DENY]

[root@da-dev2 csf]# csf -d 217.16.1.2
deny failed: 217.16.1.2 is in already in the deny file /etc/csf/csf.deny 1 times


Check

Code:

[root@da-dev2 csf]# ipset -L | grep 217.16.1.2
217.16.1.2
217.16.1.2

IP is listed twice because it is used in the chains MESSENGER & chain_DENY.

The country filter seems to work otherwise, because I have blocked a few countries and see the counter count up. The goal is that IPs that are on blocklists cannot unblock themselves.


Config

Code:

MESSENGERV3 = "1"
MESSENGERV3LOCATION = "/etc/httpd/conf/extra/httpd-includes.conf"
MESSENGERV3RESTART = "service httpd restart"
MESSENGERV3TEST = "/usr/sbin/apachectl -t"
MESSENGERV3HTTPS_CONF = "/etc/httpd/conf/httpd.conf"
MESSENGERV3WEBSERVER = "apache"
MESSENGERV3PERMS = "711"
MESSENGERV3GROUP = "apache"
MESSENGERV3PHPHANDLER = ""

Does one of you have an idea for this? Thanks
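
The `ipset -L | grep` check in the post prints matching members without their set names, and a literal grep cannot match an IP against the CIDR ranges that a country set holds. As an added example (not part of the original post and not csf's own code), this parses `ipset -L` output and names every set that covers an address; the sample listing is constructed, and the country set name `cc_xy` with its ranges is an assumption.

```python
import ipaddress

# Constructed sample in the format printed by `ipset -L`. MESSENGER and
# chain_DENY mirror the post; cc_xy and its ranges are made up (assumption).
SAMPLE = """\
Name: MESSENGER
Type: hash:net
Members:
217.16.1.2

Name: chain_DENY
Type: hash:net
Members:
217.16.1.2

Name: cc_xy
Type: hash:net
Members:
217.16.0.0/20
198.51.100.0/24
"""

def parse_sets(listing):
    """Map each set name to the networks listed under its Members: header."""
    sets, name, in_members = {}, None, False
    for line in listing.splitlines():
        line = line.strip()
        if line.startswith("Name:"):
            name, in_members = line.split(":", 1)[1].strip(), False
            sets[name] = []
        elif line == "Members:":
            in_members = True
        elif in_members and line and name is not None:
            entry = line.split()[0]  # drop per-entry options such as "timeout 3600"
            try:
                sets[name].append(ipaddress.ip_network(entry, strict=False))
            except ValueError:
                pass  # entry is not a plain address or network; skip it
    return sets

def sets_containing(listing, ip):
    """Return sorted names of sets whose entries cover ip, exactly or by range."""
    addr = ipaddress.ip_address(ip)
    return sorted(n for n, nets in parse_sets(listing).items()
                  if any(addr.version == net.version and addr in net for net in nets))

if __name__ == "__main__":
    print(sets_containing(SAMPLE, "217.16.1.2"))
```

On a live host, feed it the text of `ipset -L` instead of `SAMPLE`.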
pointer
Junior Member
Posts: 1
Joined: 07 Nov 2022, 16:57

Re: csf messenger with country filter

Post by pointer »

Hello,

I have just enabled the option and am having the exact same issue. Did you ever find out a way to use CC_MESSENGER_ALLOW with messenger (v3), or can this be confirmed as a bug? :)

Thank you