ConfigServer Security & Firewall - csf - edit /etc/csf/csf.deny

qba82

Verified User
Joined
Jun 26, 2018
Messages
65
Hi guys,
recently I can't edit /etc/csf/csf.deny through DA csf plugin, few days ago it was all fine, after I click "Change" it was saving file, and saying I need restart csf+lfd. Now it drop me to the main page of csf plugin and doesn't save file, I must edit it in ssh. I checked permissions, owners, it is all fine, I can also edit /etc/csf/csf.allow.

I have more then 700 lines in /etc/csf/csf.deny.

What might cause a problem?
 
Did you limit the number of IP's kept in the /etc/csf/csf.deny file?
 
Where did you get that idea?
You can set a limit yourself in csf.conf and can even choose 0 for unlimited.
However that would not be wise as many rules would eat up your resources.

It's better to have less lines, for example 1500 and then don't block forever but a couple of days.

However, this issue has nothing to do with your limits.
I just tested to have a look and I have the same issue so it's reproducable. I can edit the files, but on clicking save, they don't save.
I didn't see that before because I never use this, I always edit via SSH.

I checked the DA error log and see this as the reason:
Code:
System::load_to_env: loading variable 'POST' is larger than MAX_ENV_LEN(125749) so will be skipped
 
Last edited:
I have 920 IPs in CSF, i try to add more 30 IPs by DA csf plugin and give-me that error in the log.

The solution has to add direct to the file /etc/csf/csf.deny by ssh, so this problem is with Direct Admin interface how can i resolve this?

loading variable 'POST' is larger than MAX_ENV_LEN(125749) so will be skipped
 
Obviously, POSTing over 920 IPs is larger than the default MAX_ENV_LEN....... MAX_ENV_LEN is the problem.
 
Where i can increase this?
Where did you add IP from ?

/CMD_PLUGINS_ADMIN/csf/
or
/CMD_BRUTE_FORCE_MONITOR


I use csf firewall since too long and don't face on that problem with /CMD_PLUGINS_ADMIN/csf/


try increase Max Request/Upload Size (bytes) in
/CMD_ADMIN_SETTINGS

like 1000 MB
 
Same problem here wen i try to Quick Deny Block IP address CSF have with 880 IPs blockeds show this error in /var/log/directadmin/error.log.

System::load_to_env: loading variable 'POST' is larger than MAX_ENV_LEN(125749) so will be skipped
 
Same problem here wen i try to Quick Deny Block IP address CSF have with 880 IPs blockeds show this error in /var/log/directadmin/error.log.
Looks like post size is still too small. In directadmin panel as admin go server manager->>administrator settings->>server settings. Increase max request. I don't know what unit MAX_ENV_LEN is but I'm guessing kb so its 128mb now. Try doubling to 512 or even 1GB. You might need to increase timeout to something like 90 to accommodate larger uploads on slower connections.
 
Back
Top