CSF Firewall

[rlshosting]

Would it be possible to add compatibility to this?

Thanks a million.

 

[mistwang]

What do you mean "compatibility to CSF Firewall"?
Exclude from LFD?

 

[rlshosting]

I said on the configserver forums:

Is this plugin compatible with it? I see no IPs blocked on my server.

Then I said:

Nevermind. I see emails but no IPs in csf.deny.

Then the admin said:

No, there are no regex's to monitor that applications logs. You would have to write your own using regex.custom.pm

 

[mistwang]

Yes, CSF need to be configured to parse error log file for detected IP attacking the server.
We will leave it for CSF developer or someone familiar with their regex setup.

 

[rlshosting]

Any other firewalls you recommend that may work better with lite speed? APF maybe or does it work fine without any other firewall and just iptables?

 

[mistwang]

We recommend using fail2ban in this regard.

 

[khatfield]

So you're saying there is a log that can be parsed to block IP's via the local server firewalls?

 

[mistwang]

Yes, LSWS or LSLB log attacking IP addresses to main error log.

 

[ffeingol]

At last look LSWS writes out the 'mod_security' records slightly differently than actual mod_security. This causes CSF to not parse/pick up the LSWS mod_security log records. I can post more details if necessary.

 

[mistwang]

Please check the latest 4.0.12 release, if anything still prevent CSF from pickup it, we will fix.

 

[anewday]

Thanks George, I wanted this to work a while ago.

 

[rlshosting]

Is there a new version of lite speed 4.0.12 or is this fixed in this version already? It says it can not reinstall.

Error: Failed to download release 4.0.12!

 

[mistwang]

That's a bug fixed in latest 4.0.12 build.

Please download manually and run install.sh to upgrade.

 

[Tony]

At last look LSWS writes out the 'mod_security' records slightly differently than actual mod_security. This causes CSF to not parse/pick up the LSWS mod_security log records. I can post more details if necessary.

Do the new versions for you pick up everything? I'm trying to rule out if it's our rules causing nothing to show up in logs or if it's more bugs as far as LSWS mod_security functionality replication.

 

[mistwang]

There was bug in our mod_security implementation, which may skip some rules for audit logging, it should have been addressed in our 4.0.12 release.