The Community Forums


http and https exception for cpHulk and CSF

Discussion in 'Security' started by IstvanK, Jul 27, 2015.

  1. IstvanK

    IstvanK Registered

    Joined:
    Jul 27, 2015
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Brasov
    cPanel Access Level:
    Root Administrator
    Hello,

    I'm looking for a way to set up an exception in the firewall for HTTP and HTTPS. I want to keep cpHulk and CSF for the rest of the services (SSH, mail, FTP, etc.).
    This exception should not be overwritten by cPanel updates.

    Because of CSF and cpHulk, several failed authentication attempts result in blocking access to HTTP and HTTPS. As a result, our webpages are almost inaccessible from mobile devices connected to 3G/4G networks.

    Any ideas?

    Istvan
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    I would recommend in this case disabling cphulk entirely (or at the very least, disable any options that block in the system firewall), and using the CSF option called "LF_SELECT" if your server can support it. What this does is documented in the config:

    Code:
    # To only block access to the failed application instead of a complete block
    # for an ip address, you can set the following to "1", but LF_TRIGGER must be
    # set to "0" with specific application[*] trigger levels also set appropriately
    #
    # The ports that are blocked can be configured by changing the PORTS_* options
    LF_SELECT = "0"
    
    You would set LF_SELECT = "1" to enable it, and restart CSF/LFD from WHM to ensure both services restart (just restarting csf does not always restart lfd).

    As configured in the ports options, this would mean if someone attacks FTP they are only blocked from ports 20 and 21, if they attack SSH they are only blocked from port 22, etc.

    Code:
    # The following are comma separated lists used if LF_SELECT is enabled,
    # otherwise they are not used. They are derived from the application returned
    # from a regex match in /usr/local/csf/bin/regex.pm
    #
    # All ports default to tcp blocks. To specify udp or tcp use the format:
    # port;protocol,port;protocol,... For example, "53;udp,53;tcp"
    PORTS_pop3d = "110,995"
    PORTS_imapd = "143,993"
    PORTS_htpasswd = "80,443"
    PORTS_mod_security = "80,443"
    PORTS_mod_qos = "80,443"
    PORTS_symlink = "80,443"
    PORTS_suhosin = "80,443"
    PORTS_cxs = "80,443"
    PORTS_bind = "53"
    PORTS_ftpd = "20,21"
    PORTS_webmin = "10000"
    PORTS_cpanel = "2077,2078,2082,2083,2086,2087,2095,2096"
    # This list is extended, if present, by the ports defined by
    # /etc/chkservd/exim-*
    PORTS_smtpauth = "25,465,587"
    PORTS_eximsyntax = "25,465,587"
    # This list is replaced, if present, by "Port" definitions in
    # /etc/ssh/sshd_config
    PORTS_sshd = "22"
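
As an added example (not part of quizknows' post and not CSF's own code), this parses csf.conf-style text to check the LF_SELECT/LF_TRIGGER precondition from the quoted comments and to list which applications' blocks would still cover ports 80 and 443. The function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample in csf.conf syntax; option names are those quoted above.
# PORTS_bind uses the port;protocol form shown in the quoted comment.
SAMPLE_CONF = """
LF_TRIGGER = "0"
LF_SELECT = "1"
PORTS_pop3d = "110,995"
PORTS_htpasswd = "80,443"
PORTS_mod_security = "80,443"
PORTS_bind = "53;udp,53;tcp"
PORTS_ftpd = "20,21"
PORTS_sshd = "22"
"""

OPTION = re.compile(r'^\s*([A-Za-z0-9_]+)\s*=\s*"([^"]*)"')

def parse_conf(text):
    """Return {option: value} for each KEY = "value" line; comment lines are skipped."""
    return {m.group(1): m.group(2)
            for m in map(OPTION.match, text.splitlines()) if m}

def blocked_ports(conf, app):
    """Ports a selective block covers for one application, as (port, protocol)."""
    ports = []
    for item in conf.get("PORTS_" + app, "").split(","):
        if item.strip():
            port, _, proto = item.strip().partition(";")
            ports.append((int(port), proto or "tcp"))  # tcp is the documented default
    return ports

def selective_problems(conf):
    """Settings that, per the config comments, stop per-application blocking."""
    problems = []
    if conf.get("LF_SELECT") != "1":
        problems.append("LF_SELECT is not 1: a trigger blocks the IP on every port")
    if conf.get("LF_TRIGGER") != "0":
        problems.append("LF_TRIGGER is not 0, which LF_SELECT requires")
    return problems

def apps_blocking_web(conf, web=(80, 443)):
    """Applications whose selective block still covers HTTP or HTTPS."""
    apps = (key[len("PORTS_"):] for key in conf if key.startswith("PORTS_"))
    return sorted(a for a in apps if any(p in web for p, _ in blocked_ports(conf, a)))

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    print("problems:", selective_problems(conf) or "none")
    for app in ("sshd", "ftpd", "bind"):
        print(app, "->", blocked_ports(conf, app))
    print("triggers that still block web ports:", apps_blocking_web(conf))
```

With the sample above, failed SSH or FTP logins no longer affect ports 80 and 443, while htpasswd and mod_security triggers still do; pass the contents of your own csf.conf to `parse_conf` to see the same for a live configuration.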
    
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    As for cPHulk, you can disable "Block IP addresses at the firewall level if they trigger brute force protection" and "Block IP addresses at the firewall level if they trigger a one-day block" via "WHM Home » Security Center » cPHulk Brute Force Protection" so that cPHulk has no interaction with your firewall rules.

    Thank you.
     
  4. IstvanK

    Thanks for the quick answer. I set the changes. Now I'll wait for some feedback.

    Istvan
     
  5. cPanelMichael

    I'm happy to see the information provided to you was helpful. Feel free to update this thread with the outcome after some time has passed.

    Thank you.
     