http and https exception for cpHulk and CSF
Hello,
I'm looking for a way to setup an exception in the firewall for HTTP and HTTPS. I want to keep cpHulk and CSF for the rest of the services(SSH, mail, ftp, etc).
This exception should not be overwritten by cPanel updates.
Because of CSF and cpHulk several failed authentication attempts results blocking the access to http and https. As result our webpages are almost unaccessible from mobile devices connected to 3G/4G networks.
Any ideas?
Istvan
-
I would recommend in this case disabling cphulk entirely (or at the very least, disable any options that block in the system firewall), and using the CSF option called "LF_SELECT" if your server can support it. What this does is documented in the config: # To only block access to the failed application instead of a complete block # for an ip address, you can set the following to "1", but LF_TRIGGER must be # set to "0" with specific application- trigger levels also set appropriately # # The ports that are blocked can be configured by changing the PORTS_* options LF_SELECT = "0"
You would set LF_SELECT = "1" to enable it, and restart CSF/LFD from WHM to ensure both services restart (just restarting csf does not always restart lfd) As configured in the ports options, this would mean if someone attacks FTP they are only blocked form ports 20 and 21, if they attack SSH they are only blocked from port 22, etc.# The following are comma separated lists used if LF_SELECT is enabled, # otherwise they are not used. They are derived from the application returned # from a regex match in /usr/local/csf/bin/regex.pm # # All ports default to tcp blocks. To specify udp or tcp use the format: # port;protocol,port;protocol,... For example, "53;udp,53;tcp" PORTS_pop3d = "110,995" PORTS_imapd = "143,993" PORTS_htpasswd = "80,443" PORTS_mod_security = "80,443" PORTS_mod_qos = "80,443" PORTS_symlink = "80,443" PORTS_suhosin = "80,443" PORTS_cxs = "80,443" PORTS_bind = "53" PORTS_ftpd = "20,21" PORTS_webmin = "10000" PORTS_cpanel = "2077,2078,2082,2083,2086,2087,2095,2096" # This list is extended, if present, by the ports defined by # /etc/chkservd/exim-* PORTS_smtpauth = "25,465,587" PORTS_eximsyntax = "25,465,587" # This list is replaced, if present, by "Port" definitions in # /etc/ssh/sshd_config PORTS_sshd = "22"0 -
I'm looking for a way to setup an exception in the firewall for HTTP and HTTPS. I want to keep cpHulk and CSF for the rest of the services(SSH, mail, ftp, etc).
Hello :) As for cPHulk, you can disable "Block IP addresses at the firewall level if they trigger brute force protection" and "Block IP addresses at the firewall level if they trigger a one-day block" via "WHM Home " Security Center " cPHulk Brute Force Protection" so that cPHulk has no interaction with your firewall rules. Thank you.0 -
Thanks for the quick answer. I set the changes. Now wait for some feedback. Istvan 0 -
New Thanks for the quick answer. I set the changes. Now wait for some feedback.
I'm happy to see the information provided to you was helpful. Feel free to update this thread with the outcome after some time has passed. Thank you.0
Please sign in to leave a comment.
Comments
4 comments