Skip to main content

Log for viewing all CSF rejections w/details for troubleshooting?

Dezdan
  • Edited

Is there a single log where I can view rejections from CSF and view the incoming request (URL) for that rejection? I am trying to trouble shoot some access issues.

Around the end of last month, I first noticed some issues with an app fetching some icons from a URL. I use a custom application within a Google software product, and recently I noticed that none of my icons in this application were loading, however, they would load if I called them directly outside the app via their direct URL in my browser. Some testing, i.e. dropping CSF for a few seconds, the icons would load in the app. So, something in CSF (not IP related) is preventing the icon files from loading into the app.

I’m not seeing the rejections in the iptables (messages) or any of the logs I can think of related to CSF.

Comments

5 comments

Date Votes
  • quietFinn

    I think the only log CSF/LFD writes to is /var/log/lfd.log

    0
  • Damian

    CSF uses iptables so that would suggest it is IP related.

    If you pause CSF and load the app, you should be able to see what IPs are accessing the icons. Whitelist then and enable CSF again.
    Something to test :)

    0
  • ciao70

    If you have modsecurity enabled, it might also be blocking.

    Also check the modsecurity log, if necessary, you should disable the blocking rule.

    0
  • Dezdan

    Thanks all! Still working on it.

    I think the only log CSF/LFD writes to is /var/log/lfd.log

    For whatever reason, like some others, CSF writes to /var/log/messages not the lfd log. However, it does not show any blockage of my icons.

    If you pause CSF and load the app, you should be able to see what IPs are accessing the icons. Whitelist then and enable CSF again.
    Something to test :)

    I have tested that, and it is my IP, and it is already whitelisted. I’m thinking since the app is requesting all the icons at once (~20ish), something is blocking hose request.

    If you have modsecurity enabled, it might also be blocking.

    Also check the modsecurity log, if necessary, you should disable the blocking rule.

    I hadn’t thought about that! I’ll take a look!

    0
  • MinervaH

    > the app is requesting all the icons at once (~20ish)

    Are you using the mod_evasive Apache module?

    Apache Module — Evasive | cPanel & WHM Documentation

     

    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post