CSF Firewall Deny list issue

Gareth-AWD

Well-Known Member
Jul 3, 2008
195
13
68
London, UK
cPanel Access Level
Root Administrator
IP addresses not in Firewall Deny List list but are being blocked.

I've noticed on 3 of our servers that when somebody goes into the Firewall block list, they call up and I can't find them. Yet if I clear the list and restart they can then get on fine.

The csf deny list seems to reach it's limit then stops showing new IPs on the list but it appears they are being blocked.

It never use to do this and it happens on all 3 servers. Any insight?
 

fuzzylogic

Well-Known Member
Nov 8, 2014
154
93
78
cPanel Access Level
Root Administrator
What makes the client think that it was csf that blocked them.
What errors did they see or what changes in behavior from your server did they see.
Could they not access website frontend, cPanel, email?
If they were receiving 403 responses from the web server, for instance, then they were not in the deny list.

I suggest you search /var/log/lfd.log for the ips that were blocked.
You will most likely find a log entry similar to the following...
May 20 21:11:12 host lfd[10000]: Incoming IP xx.xx.xx.xx temporary block removed

Temporary blocked ips are not held in the csf deny list.
You can view current temporary blocked ips by clicking the "Temporary IP Entries" button at
Home » Plugins » ConfigServer Security & Firewall main page.

That said, by the time the client contacted you and you went looking the default 3600 seconds could have expired and those ips could have been removed from that list.

Sorry Keat I spent too long typing and you beat me to the point.
 
Last edited:
  • Like
Reactions: cPanelLauren

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,272
313
Houston
The suggestions by @keat63 and @fuzzylogic are spot on, it's possible they are temporary blocks, it would also be useful to find more information from /var/log/lfd.log