CSF rules causing intermittent downtime? Need expert review.
Hi everyone,
I’m running a LiteSpeed Web Server on a WHM/cPanel environment and I have recently been receiving multiple client complaints about websites becoming intermittently inaccessible.
Symptoms clients are reporting
- Website randomly becomes inaccessible
- Reloading the page sometimes fixes the issue
- Some users get ERR_CONNECTION_RESET
- Works on VPN but not on their home ISP
- Only affects certain IPs, not global
- WHM (2087) remains accessible during the same time period
My own uptime monitoring logs show the following errors:
error sending request for url: client error (Connect): connection reset by peer (os error 104)
error sending request for url: connection closed before message completed
client error (SendRequest): connection closed before message completed
Important observation
At the exact same timestamps,
- Websites show DOWN (connection reset)
- WHM (2087) shows UP and reachable
This seems to indicate a firewall-level drop affecting only port 80/443 traffic.
My CSF configuration (recent anti-DDoS hardening) - recently applied, and then I started getting the issue
CONNLIMIT = "80;100,443;100"
CT_LIMIT = "300"
CT_INTERVAL = "60"
PS_LIMIT = "20"
SYNFLOOD_RATE = "50/s"
SYNFLOOD_BURST = "100"
These rules were meant to:
- Limit concurrent connections
- Prevent floods
- Detect connection tracking bursts
- Block process count abuse
However, after applying these settings, the intermittent downtime began being noticed by clients.
Client-side behavior
Clients report:
- Their website shows down randomly
- Works fine from my network
- Works when using VPN
- No block listed in CSF deny list
- Even after manually allowing the IP in CSF, the problem continues
This makes me suspect temporary CSF rate limiting or connection tracking kills, not a permanent deny entry.
My doubts or queries are:
Are these CSF settings too strict for shared hosting?
What are the recommended CSF limits for a LiteSpeed shared hosting environment?
Do CONNLIMIT / CT_LIMIT / SYNFLOOD rules generate temporary blocks that do not appear in the deny list?
Any recommended rule adjustments to prevent these false positives?
Additional context
- Using LiteSpeed Web Server
- Uptime monitoring tool often gets blocked with connection reset by peer
- Client devices on ISP NAT networks are affected more frequently
- Server itself remains stable (no load spikes)
- Currently using Google reCAPTCHA with LiteSpeed
I want to tune CSF properly for shared hosting to:
- Prevent DDoS
- Avoid blocking uptime robots
- Avoid false positives for clients
- Maintain LiteSpeed performance
Hey there! CSF isn't provided by cPanel, so I can't personally recommend any particular settings. If you remove those specific rules do the problems go away? Maybe those limits are too strict for how the sites and pages are coded, and that is causing the issue.
cPRex Yeah, I am a bit aware that CSF is not provided by cPanel itself; however, I have made this post so that community members who have already worked with it for web hosting needs can review and provide me the suggested values to keep in those CSF rules.
I can't just turn off those rules; I need to keep them, but I am looking for the suggested best values for the rules.
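To check whether real traffic reaches the thresholds quoted in the opening post, per-source connection counts can be compared with them. The following is an added example, not code from the thread or from CSF: the sample connections and addresses are constructed, the function names are hypothetical, and it assumes a limit is exceeded when the count is greater than the configured value.

```python
from collections import Counter

# Values copied from the csf.conf excerpt in the opening post.
CONNLIMIT = "80;100,443;100"
CT_LIMIT = 300

# Constructed sample in `ss -Htn` layout: State Recv-Q Send-Q Local Peer.
# 203.0.113.7 stands in for an ISP NAT gateway shared by many subscribers.
SAMPLE_SS = "\n".join(
    [f"ESTAB 0 0 192.0.2.10:443 203.0.113.7:{40000 + i}" for i in range(120)]
    + [f"ESTAB 0 0 192.0.2.10:80 203.0.113.7:{50000 + i}" for i in range(30)]
    + [f"ESTAB 0 0 192.0.2.10:443 198.51.100.23:{41000 + i}" for i in range(6)]
    + ["ESTAB 0 0 192.0.2.10:2087 203.0.113.7:60001"]
)

def parse_connlimit(value):
    """'80;100,443;100' -> {80: 100, 443: 100}"""
    return {int(p): int(n) for p, n in (pair.split(";") for pair in value.split(","))}

def split_hostport(addr):
    """Split 'ip:port' or '[v6]:port' on the last colon."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), int(port)

def tally(ss_text):
    """Return (counts per (peer_ip, local_port), total counts per peer_ip)."""
    per_port, per_ip = Counter(), Counter()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip blank or truncated lines
        _, local_port = split_hostport(fields[3])
        peer_ip, _ = split_hostport(fields[4])
        per_port[(peer_ip, local_port)] += 1
        per_ip[peer_ip] += 1
    return per_port, per_ip

def over_limits(ss_text, connlimit=CONNLIMIT, ct_limit=CT_LIMIT):
    """List (ip, port, count, limit) for every source above a configured value."""
    limits = parse_connlimit(connlimit)
    per_port, per_ip = tally(ss_text)
    hits = [(ip, port, n, limits[port]) for (ip, port), n in per_port.items()
            if port in limits and n > limits[port]]
    hits += [(ip, "all", n, ct_limit) for ip, n in per_ip.items() if n > ct_limit]
    return sorted(hits, key=str)

if __name__ == "__main__":
    for ip, port, n, limit in over_limits(SAMPLE_SS):
        print(f"{ip} port {port}: {n} connections > limit {limit}")
```

In the constructed sample only the shared NAT address is flagged, and only on port 443; its connection to port 2087 is never compared because CONNLIMIT has no entry for that port. Socket counts from `ss -Htn` only approximate what the firewall counts, so treat the output as a starting point for tuning.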