csf messenger with country filter

apogee

I’ve a running CSF installation with messenger service on CloudLinux 8. I’ve migrated it from iptables to ipset to use blocklists, and it works wonderfully. But now I have a problem which I cannot solve: if I use the variable CC_MESSENGER_ALLOW and enter one or more country codes, then I can no longer reach the messenger (v3) page from a blocked IP. I have made sure that CSF recognizes my country correctly; in ipset the IP is also entered in the MESSENGER chain:

Bash:
[root@da-dev2 csf]# ipset -L MESSENGER
Name: MESSENGER
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 504
References: 0
Number of entries: 1
Members:
217.16.1.2


If I change it back, from: CC_MESSENGER_ALLOW = "XY" to: CC_MESSENGER_ALLOW = "" the messenger service works again.


Am I missing something here?


Block command:
Bash:
[root@da-dev2 csf]# csf -d 217.16.1.2
Adding 217.16.1.2 to csf.deny and iptables DROP...
csf: IPSET adding [217.16.1.2] to set [chain_DENY]

[root@da-dev2 csf]# csf -d 217.16.1.2
deny failed: 217.16.1.2 is in already in the deny file /etc/csf/csf.deny 1 times

Check
Bash:
[root@da-dev2 csf]# ipset -L | grep 217.16.1.2
217.16.1.2
217.16.1.2
IP is listed twice because it is used in the chains MESSENGER & chain_DENY


The country filter seems to work otherwise because I have blocked a few countries and see the counter count up. The goal is that IPs that are on blocklists cannot unblock themselves.


Config
Bash:
MESSENGERV3 = "1"
MESSENGERV3LOCATION = "/etc/httpd/conf/extra/httpd-includes.conf"
MESSENGERV3RESTART = "service httpd restart"
MESSENGERV3TEST = "/usr/sbin/apachectl -t"
MESSENGERV3HTTPS_CONF = "/etc/httpd/conf/httpd.conf"
MESSENGERV3WEBSERVER = "apache"
MESSENGERV3PERMS = "711"
MESSENGERV3GROUP = "apache"
MESSENGERV3PHPHANDLER = ""

Does one of you have an idea for this? Unfortunately the configserver forum is offline. Thanks
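Added example, not part of the thread: the `ipset -L | grep` check in the post shows that the IP sits in two sets but not which ones. This sketch names each set holding the IP together with its `References` value, which is ipset's count of iptables rules or other sets currently using that set. The function names are hypothetical, the MESSENGER block of the sample mirrors the post, and the chain_DENY block is constructed.

```shell
#!/bin/sh
# Constructed sample of `ipset -L` output: the MESSENGER block mirrors the
# post; the chain_DENY header values and second member are made up.
sample_ipset_output() {
cat <<'EOF'
Name: MESSENGER
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 504
References: 0
Number of entries: 1
Members:
217.16.1.2

Name: chain_DENY
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 568
References: 2
Number of entries: 2
Members:
217.16.1.2
198.51.100.0/24
EOF
}

# ipset_membership IP: read `ipset -L` text on stdin and print one line
# "set=<name> references=<n>" per set listing IP as an exact member
# (no CIDR containment: an address inside a listed /24 is not reported).
ipset_membership() {
    awk -v ip="$1" '
        $1 == "Name:"       { set = $2; refs = "?"; in_members = 0; next }
        $1 == "References:" { refs = $2; next }
        $1 == "Members:"    { in_members = 1; next }
        NF == 0             { in_members = 0; next }
        in_members && ($1 == ip || $1 == (ip "/32")) {
            printf "set=%s references=%s\n", set, refs
        }
    '
}

# unreferenced_sets IP: names of sets that hold IP but have References: 0.
unreferenced_sets() {
    ipset_membership "$1" | awk '$2 == "references=0" { sub(/^set=/, "", $1); print $1 }'
}

sample_ipset_output | ipset_membership 217.16.1.2
```

On a live host, feed it real data with `ipset -L | ipset_membership 217.16.1.2`.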
 
Unfortunately the configserver forum is offline. Thanks
No it's not. Or at least not anymore. If you still see it offline then you're blocked I guess.

I think it's still best to ask over there too. I don't know how many of us work with messenger.
 