Adding to CSF's Temporary Deny via PHP

GoWilkes

• June 05, 2019 14:03

I'm using CSF (ConfigServer Firewall). Can you guys suggest a way to add an IP to the Temporary Deny list from a user's PHP? I know how to do it with the CSF GUI and by SSH, but I'm hoping to figure out a way to add IPs that try to access certain pages that don't exist (like "wp-login.php"). Some of my hosting clients use Wordpress, though, so I can't block ALL references to it; just from my own personal sites that are much higher in traffic and don't use Wordpress. I'm currently adding IPs to a database that try to access specific pages, and then pages look up user's IP, compares it to the database, and if it's found they get a Forbidden error. But it would be great to block them at the firewall.

• 

  fuzzylogic

  • June 06, 2019 09:00

  If this is correct,

  and if it's found they get a Forbidden error.

  
  then you are 90% there already. CSF has configuration settings to manage how to add IPs to the firewall that repeatedly generate 403 http status with their requests. These settings are used by a LFD action to set Number of 403s to trigger and to set Permanent Block or Temp block with period. Search CSF configuration page for... LF_APACHE_403 LF_APACHE_403_PERM LF_INTERVAL for usage instructions. Perhaps post a sample entry from apache's error_log of an ip in your database generating a 403 status to see if its likely to be a candidate for the LF_APACHE_403 action. Anonymize the server ip and client ip.

  0
• 

  cPanelMichael

  • June 10, 2019 17:11

  Hello @GoWilkes, Let us know if the information in the previous post helps. Thank you.

  0

Please sign in to leave a comment.