PCI Scanning Being Blocked
Hello!
We have a customer who is set up with ControlScan (Axia) for their PCI compliance. The last scan resulted in a "scan may have been dynamically blocked by an IPS" for port 80.
I have PS_INTERVAL set to 0 in my CSF configuration, and I have ControlScan's scanning IP range but I'm not sure if I need to set that somewhere or not. Is there a way to disable the port-scanning detection/blocking temporarily or for an IP range? I have blocked all non-essential ports that we aren't using (143, 995, 25, etc.) from the public.
I have already posted on the CSF forums, but have received no reply. Hoping someone on here can help, thanks!
-
You should never put a PCI vendor in csf.allow. Add their IP ranges to csf.ignore This will allow them to probe without being blocked, but will not cause you headaches with ports being mistakenly reported as "open" such as 3306 for MySQL which will cause your scan report to be failing status. If you put an IP range in csf.allow, every port appears open. You only need to 'ignore' them for LFD. Be sure to fully restart csf AND lfd after making this change, either via WHM, or on a root shell with: csf -x ; csf -e0 -
You should never put a PCI vendor in csf.allow. Add their IP ranges to csf.ignore
This worked! Thanks for the help!0 -
Glad to help, thanks for checking back. 0
Please sign in to leave a comment.
Comments
5 comments