Adding to CSF's Temporary Deny via PHP

GoWilkes

Well-Known Member
Sep 26, 2006
439
8
168
cPanel Access Level
Root Administrator
I'm using CSF (ConfigServer Firewall). Can you guys suggest a way to add an IP to the Temporary Deny list from a user's PHP?

I know how to do it with the CSF GUI and by SSH, but I'm hoping to figure out a way to add IPs that try to access certain pages that don't exist (like "wp-login.php"). Some of my hosting clients use Wordpress, though, so I can't block ALL references to it; just from my own personal sites that are much higher in traffic and don't use Wordpress.

I'm currently adding IPs to a database that try to access specific pages, and then pages look up user's IP, compares it to the database, and if it's found they get a Forbidden error. But it would be great to block them at the firewall.
 

fuzzylogic

Well-Known Member
Nov 8, 2014
136
78
28
cPanel Access Level
Root Administrator
If this is correct,
and if it's found they get a Forbidden error.
then you are 90% there already.
CSF has configuration settings to manage how to add IPs to the firewall that repeatedly generate 403 http status with their requests.
These settings are used by a LFD action to set Number of 403s to trigger and to set Permanent Block or Temp block with period.
Search CSF configuration page for...
LF_APACHE_403
LF_APACHE_403_PERM
LF_INTERVAL
for usage instructions.

Perhaps post a sample entry from apache's error_log of an ip in your database generating a 403 status to see if its likely to be a candidate for the LF_APACHE_403 action.
Anonymize the server ip and client ip.
 
  • Like
Reactions: cPanelMichael