Chirpy,
I know the feature exists to have a centralized IP deny/allow list but what about having a clustered one?
For example, we host our servers on the same network. So what would be nice is if one server denies/allows an IP, the other servers pick up the IP and perform the same action.
It might sound easier on paper but certainly a noteworthy feature.
Clustered IP deny/allow list.
-
flashwebhost
- Junior Member
- Posts: 6
- Joined: 06 Jun 2007, 20:13
Can't we do it with
# The follow Global options allow you to specify a URL where csf can grab a
# centralised copy of an IP allow or deny block list of your own. You need to
# specify the full URL in the following options, i.e.:
# http://www.somelocation.com/allow.txt
#
# The actual retrieval of these IP's is controlled by lfd, so you need to set
# LF_GLOBAL to the interval (in seconds) when you want lfd to retrieve. lfd
# will perform the retrieval when it runs and then again at the specified
# interval. A sensible interval would probably be every 3600 seconds (1 hour)
#
# You do not have to specify both an allow and a deny file
GLOBAL_ALLOW = ""
GLOBAL_DENY = ""
LF_GLOBAL = ""
-
Domineaux
- Junior Member
- Posts: 18
- Joined: 19 Sep 2007, 23:42
- Location: Houston, TX USA (Earth)
- Contact:
Not sure about others but I love the idea though not sure about accomplishing it with PHP personally
Maybe if a flag was added so that you could directly add an IP to the glob_allow or glob_deny lists as easily as you can with the normal allow/deny lists then a simple way to cluster the idea would be easier.
By this I mean something like:
csf -ga 123.123.123.123 (adds IP to global allow list and loads the new rule automatically)
csf -gd 124.124.124.124 (adds IP to global deny list and loads the new rule automatically)
Then a simple method to send those commands too all servers within the cluster arrangement, or to a master server and then have all slaves get the updated glob_allow or glob_deny file from the master server.
Maybe if a flag was added so that you could directly add an IP to the glob_allow or glob_deny lists as easily as you can with the normal allow/deny lists then a simple way to cluster the idea would be easier.
By this I mean something like:
csf -ga 123.123.123.123 (adds IP to global allow list and loads the new rule automatically)
csf -gd 124.124.124.124 (adds IP to global deny list and loads the new rule automatically)
Then a simple method to send those commands too all servers within the cluster arrangement, or to a master server and then have all slaves get the updated glob_allow or glob_deny file from the master server.