CSF DENY_IP_LIMIT - googleusercontent.com
I am getting so many csf permanent ip blocks due to modsecurity triggers coming from googleusercontent.com.
lfd on 123.com: blocked 34.105.193.204 (GB/United Kingdom/204.193.105.34.bc.googleusercontent.com)
Time: Mon Jun 15 15:40:57 2026 -0600
IP: 34.105.193.204 (GB/United Kingdom/204.193.105.34.bc.googleusercontent.com)
Failures: 5 (mod_security)
Interval: 3600 seconds
Blocked: Permanent Block [LF_MODSEC]
It is filling up my DENY_IP_LIMIT quickly.
I have read this is coming from Google's content delivery network.
Does anyone have suggestions on how to configure any settings to deal with all these blocks?
Thank you.
-
You can increase your DENY_IP_LIMIT. If your CSF is using ipset, you should be able to have a fairly high value set without too much concern. I run a limit of 15000-25000 on my servers. I don't want to, but have to because of this.
Google is and has been hemorrhaging compromised servers forever. They clearly don't care and aren't going to ever shut anyone down who is paying for stuff. I'm sure it's 100% useless to try and complain to Google (and that option probably isn't even available).
Your only choice is to block the garbage and increase your DENY_IP_LIMIT.
But if your CSF is not set up to use ipset / you do not have ipset installed, then it would not be a good idea to increase the value too much.
0 -
It may be more practical to consider blocking the /24.
0
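Added example, not written by anyone in the thread and not part of CSF: before blocking a /24 as suggested above, this Python script counts how many single-IP entries in a csf.deny-style list fall into each /24, so only ranges with repeated offenders are considered. The `entry # comment` line layout, the sample entries and the function names are assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample, assuming the usual csf.deny layout "entry # comment".
# Addresses come from documentation ranges, not from real block lists.
SAMPLE_DENY = """\
203.0.113.14 # lfd: (mod_security) 5 in the last 3600 secs
203.0.113.77 # lfd: (mod_security) 5 in the last 3600 secs
203.0.113.201 # lfd: (mod_security) 5 in the last 3600 secs
198.51.100.9 # lfd: (mod_security) 5 in the last 3600 secs
192.0.2.0/24 # manual entry that is already a range
2001:db8::1 # lfd: (mod_security) 5 in the last 3600 secs
tcp|in|d=22|s=198.51.100.50 # advanced filter entry
"""


def slash24_candidates(deny_text, min_hits=3):
    """Return [(cidr, count)] for /24s holding at least min_hits single-IP entries."""
    counts = Counter()
    for raw in deny_text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue  # blank line or comment-only line
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # advanced filter or malformed entry: leave it alone
        if net.version != 4 or net.prefixlen != 32:
            continue  # IPv6 and existing ranges are out of scope here
        counts[net.supernet(new_prefix=24)] += 1
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(str(net), n) for net, n in ranked if n >= min_hits]


def entries_saved(candidates):
    """Deny-list slots freed if each candidate /24 replaces its single-IP entries."""
    return sum(n - 1 for _, n in candidates)


if __name__ == "__main__":
    found = slash24_candidates(SAMPLE_DENY)
    for cidr, n in found:
        print(f"{cidr}: {n} single-IP entries")
    print("slots freed:", entries_saved(found))
```

Review each candidate range before adding it to csf.deny, since a /24 also covers addresses that never triggered a rule.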