- It can interact with mod_security, .htaccess auth, cPanel and SSH logins and ban repeat offenders. (NOTE: Watch the mod_sec bans carefully, one of the core rules in mod_security triggers due to unknown reasons periodically. I get about one or two normal people that it firewall bans per week. It only seems to ban for violations of that rule, so I'll probably tweak it and remove whatever tag is causing CSF to trigger.) I've got 17 IPs from botted Chinese servers that were automatically banned for SSH/SMTP/WHM brute force attempts, some for people trying to brute force one of my site's .htaccess password protected pages.
You can define whitelisted IPs that CSF and LFD will ignore. Likewise, you can define folders and scripts. (I have LFD ignoring a folder that tends to trigger brute force bans when people forget their password. I just log it the good ol fashioned way.)
- It creates a very secure and easy to manage firewall policy ruleset.
- It's designed to work with cPanel (and as said before, updates are issued weekly)
- CSF can autoupdate itself
- It does a basic security check for must-have security programs, configurations, services that should be disabled, status of the /tmp directory, etc.
- WHM controllable interface, whereas APF has to be managed from shell