Strange Problem with CSF on CentOS - Please kindly help!

AmitzAmitz Member
edited September 2012 in Help

Dear all,

I am facing a strange problem with CSF (ConfigServer Firewall) on a CentOS 6 machine that I never came across before and even Aunt Google did not come up with an answer...

Whenever I manually insert an IP into /etc/csf/csf.deny, either using an editor or via "csf -d IPADDRESS", it perfectly blocks that IP from connecting via SSH, but the IP can still access the website that is hosted on the server.

I am used to (and expect) that IP being blocked for connections to any port and service on the machine. Why does it still come through via port 80? I am absolutely clueless and helpless. Hopefully, one of you may be able to help me out!

Thanks in advance & Cheers, -Amitz

Got divided by zero. Three times. Feel better ever since...

Comments

  • Did you restart CSF after making the change / addition?

    csf -r

  • AsadHaiderAsadHaider Member
    edited September 2012

    Run this command to check if you have the required iptables modules.

    perl /etc/csf/csftest.pl

  • Thanks for your answers! Yes, I did a

    csf -r

    afterwards and this is the output of the csftest:

    perl /etc/csf/csftest.pl
    Testing ip_tables/iptable_filter...OK
    Testing ipt_LOG...OK
    Testing ipt_multiport/xt_multiport...OK
    Testing ipt_REJECT...OK
    Testing ipt_state/xt_state...OK
    Testing ipt_limit/xt_limit...OK
    Testing ipt_recent...OK
    Testing xt_connlimit...OK
    Testing ipt_owner/xt_owner...OK
    Testing iptable_nat/ipt_REDIRECT...OK
    Testing iptable_nat/ipt_DNAT...OK
    
    RESULT: csf should function on this server

    I just reinstalled CSF and it keeps happening... :-(

  • TazTaz Disabled

    Did you restart lfd? Why don't you use the GUI, btw? Does the GUI work, or does even that fail?

    Time is good and also bad. Life is short and that is sad. Dont worry be happy thats my style. No matter what happens i won't lose my smile!

  • AmitzAmitz Member
    edited September 2012

    Yes, I also restarted lfd. I never used the GUI before. It was never necessary... I think that CSF is quite simple to handle and never had any problem on other boxes with it. That's why I am so clueless what is going on here.

  • TazTaz Disabled
    edited September 2012

    Try today and see if that is working; also check your CSF config (there was an option somewhere to block/allow certain parts of the server and vice versa, haven't logged into WHM for ages).

  • @AsadHaider said: How do you know the block isn't working?

    I can enter my own IP with "csf -d". Afterwards, connecting to the server via SSH (for example) no longer works, while I can still browse the website on the server. I have furthermore added the IP of a bandwidth abuser in csf.deny and he is still sucking stuff like crazy.

    @Taz_NinjaHawk said: Try today and see if that is working, also check your csf config (There was an option somewhere to block/allow certain part of server an vice versa).

    I never looked at it - Is the GUI called by http://SERVER_IP:Port?

  • TazTaz Disabled

    Is it a whm/cpanel server or csf running standalone?

  • AmitzAmitz Member
    edited September 2012

    CSF standalone. I have just activated the GUI in csf.conf. I even opened port 6666 but cannot connect to it via http://SERVER_IP:6666.

    //Edit: Also tried setting alternative port numbers. Did not work either.

  • But, however, GUI aside: Any more ideas concerning this strange issue?

  • TazTaz Disabled

    Reboot? Flush your ip tables? Reinstall CSF?

  • Did all that (besides a server reboot). Do you feel my despair? ;-)

  • AsadHaiderAsadHaider Member
    edited September 2012
  • You can do

    iptables -L -n

    to see what rules actually exist, and whether the IP is blocked for all ports or only ssh (e.g., --dport 22).

  • @AsadHaider said: What virtualization type is the server running?

    Sorry, I forgot: It is a dedicated server. So limits from the host OS should not apply.

    @sleddog said: You can do iptables -L -n to see what rules actually exist, and whether the IP is blocked for all ports or only ssh (e.g., --dport 22).

    This is the output of

    iptables -L -n | grep MY.IP.ADDRESS
    
    DROP       all  --  MY.IP.ADDRESS        0.0.0.0/0           
    DROP       all  --  0.0.0.0/0            MY.IP.ADDRESS
    

    Everything seems to be fine. It's a mystery for me right now.

  • @Amitz said: It's a mystery for me right now.

    How are you determining that the IP is still able to connect?

  • I used my own IP for testing.

  • Maybe you have a rule before it that says something like "allow all on port 80" and takes precedence. M

    I am only representing myself :)

  • AmitzAmitz Member
    edited September 2012

    I would love to check that, but the server did not come back after a reboot that I initiated some minutes ago. The DC is now kind enough to check the reason...

    Thank god - I was not greedy and have the website on that server mirrored on a cheap dedicated at OVH. Just switched DNS settings and will hopefully not be offline too long.

  • You could always abandon csf for apf. Superior imo

  • I installed CSF in DirectAdmin, but once I start it, all FTP connections fail.

  • AmitzAmitz Member
    edited September 2012

    BANG!

    I am so stupid... I have found the reason for the issue and wanted to share my stupidity with you. The website in question is behind a free CloudFlare plan. Therefore all requests to the webserver are coming from CloudFlare IPs and not from the direct IP of the visitor. So I could deny as many IPs as I would like in csf.deny; that will never affect anything as long as the visitor is behind a CloudFlare IP.

    My question now is: How do I lock somebody out from the website via IP denial while still using CloudFlare? There must be a possibility for this, I am surely not the only one with that problem...

    //Edit: Ah. I just saw that CloudFlare is also offering a blacklist/whitelist IP interface. That would be the way to go then, I guess...

  • Unless CloudFlare sends some referrer IP in the call to your server and does not override everything with its own IP, you won't be able to. Even if it does, it can't be done at the simple CSF level; you would need some DPI. M

  • CF does have an entire header with the IP, and another with the country if enabled.

    They're likely the most friendly reverse proxy service there is.

    Just map the IP to a variable, and then deny if it matches that.

    -- BOFH
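The "map the header to a variable, then deny if it matches" idea from the two posts above, written out as an added example that is not code from the thread or from CSF. It assumes the proxy passes the visitor address in the CF-Connecting-IP header, and it only trusts that header when the TCP peer is one of the proxy's own addresses, since a client connecting directly (which is what csf.deny still catches) can put anything in that header. The proxy ranges and the denied addresses are constructed placeholders.

```python
import ipaddress

# Constructed placeholder ranges for the reverse proxy. In production, load the
# current list the proxy operator publishes instead of hard-coding it.
PROXY_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8:cf::/48")]

# Visitor addresses to keep off the site: the job csf.deny did before the site
# went behind the proxy (constructed sample values).
DENIED_HOSTS = {ipaddress.ip_address("203.0.113.7")}
DENIED_NETS = [ipaddress.ip_network("203.0.113.128/25")]

def effective_client_ip(peer_ip, headers):
    """Return the address the deny list should be checked against.

    peer_ip is the TCP peer the web server sees (the same address iptables sees).
    The forwarded header is honoured only when that peer is the proxy itself;
    otherwise the header is attacker-controlled and the peer address is used.
    """
    peer = ipaddress.ip_address(peer_ip)
    if any(peer in net for net in PROXY_RANGES):
        lowered = {k.lower(): v for k, v in headers.items()}
        forwarded = lowered.get("cf-connecting-ip", "").strip()
        if forwarded:
            try:
                return ipaddress.ip_address(forwarded)
            except ValueError:
                pass  # malformed header: fall back to the proxy's own address
    return peer

def is_denied(peer_ip, headers):
    """True when the effective client address is on the deny list."""
    client = effective_client_ip(peer_ip, headers)
    return client in DENIED_HOSTS or any(client in net for net in DENIED_NETS)
```

A web server doing this check returns 403 for the denied visitor while the proxy's own connections stay allowed, so csf.deny is no longer the place to block a visitor of a proxied site.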

  • @Wintereise said: CF does have an entire header with the IP, and another with the country if enabled.

    Nice :) Never used them, no need, but it may become handy one day. M