csf firewall

[migmac]

Hello,

I keep receiving emails from the csf firewall like this

Account: admin
Resource: Virtual Memory Size
Exceeded: 221 > 200 (MB)
Executable: /usr/local/php5/bin/php-cgi
Command Line: /usr/local/php5/bin/php-cgi /home/username/domains/etc
PID: 20745 (Parent PID:19618)
Killed: No

but, on the csf, there is already a rule to exclude: /usr/local/php5/bin/php-cgi

at csf.pignore I have also this rules:

exe:/usr/sbin/pure-ftpd
exe:/usr/local/apache/bin/httpd
exe:/usr/sbin/sshd
exe:/usr/sbin/proftpd
exe:/usr/sbin/httpd
exe:/usr/local/php4/bin/php-cgi
exe:/usr/local/php5/bin/php-cgi
exe:/usr/local/php6/bin/php-cgi
exe:/usr/libexec/dovecot/pop3
exe:/usr/libexec/dovecot/pop3-login
exe:/usr/libexec/dovecot/dovecot-auth
exe:/usr/libexec/dovecot/imap

etc....


is there anything I can do to check why the exclusion is not working?

thank you

 

[scsi]

I would probably use something like this.

pexe:/usr/local/php5/bin/php-cgi.*

 

[migmac]

I would probably use something like this.

pexe:/usr/local/php5/bin/php-cgi.*

sorry for the question, but is it really pexe or is it exe ?

thank you

 

[migmac]

sorry for the question, but is it really pexe or is it exe ?

thank you

I have used:
exe:/usr/local/php5/bin/php-cgi.*

but did not work, I still get allot of this messages, any idea why?

 

[scsi]

Its pexe, exe is different. It should say at the top of that file what they are for. pexe does a regex

 

[migmac]

Its pexe, exe is different. It should say at the top of that file what they are for. pexe does a regex

this did solve the problem
thank you