linux
Andrey, 2016-02-09 16:56:06

Is CSF blocking normal users' traffic?

Many users write to tech support that the site takes a long time to load, that pictures are not displayed, and so on.
Sometimes the Yandex API and WebMoney reported an error during payment, saying that our server was unavailable when they tried to reach it (there can be 100-150 payments at a time).
I have run every test I could think of and for a long time could not work out what the problem is. I have already asked users to ping the site; that showed no difference. Then I removed myself from the firewall whitelist (csf.allow), and while actively using the site with 5-6 tabs open I began to see that even simple client-side JS sometimes did not work.
Pictures and other static files may load with a delay, pages open more slowly, and so on. If I add myself back to csf.allow and reload the rules with
csf -r
everything is fine: no problems are observed even with 20 tabs open, whatever I do.
I have already tweaked the CSF settings in various ways, but the problem remains. Of course, all of the server's IP addresses, both internal and external, are listed in csf.allow and in csf.ignore.
I would rather not give up CSF; it has helped a lot in the past. Can anyone tell me which settings to adjust? In the screenshot joxi.ru/a2Xal5qFypRj6A you can see that 3 avatars were not displayed; they appeared only after about 5 seconds. If I add myself to the firewall whitelist (csf), everything is fine, so CSF must be dropping something somewhere. The static files are simply loaded from another domain, but I have added its IP and gateway to csf.allow and csf.ignore.

spoiler
# --- Initial settings -------------------------------------------------------
# TESTING = "0": the rule set stays loaded. In testing mode csf schedules a
# flush of the firewall every TESTING_INTERVAL minutes.
TESTING = "0"
TESTING_INTERVAL = "5"
# NOTE(review): RESTRICT_SYSLOG governs the lfd features that trust log files
# written through syslog, which unprivileged local users can write to. Confirm
# what level "2" means in the readme shipped with this csf version.
RESTRICT_SYSLOG = "2"
RESTRICT_UI = "1"
# The firewall updates itself unattended; rule behaviour can therefore change
# between two tests without any edit to this file.
AUTO_UPDATES = "1"
# --- IPv4 port filter (stateful, LF_SPI = "1") ------------------------------
LF_SPI = "1"
# Inbound TCP allow-list. 20/21, 110 and 143 are cleartext FTP/POP3/IMAP.
# NOTE(review): 1500, 3000 and 3001 are non-standard; presumably panel or
# application ports - confirm they must be reachable from any address.
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,1500,3000,3001"
TCP_OUT = "20,21,22,25,53,80,110,113,443,1500,3000,3001"
# FTP does not use UDP, so UDP 20/21 look unnecessary; only 53 (DNS) has an
# obvious purpose here.
UDP_IN = "20,21,53"
UDP_OUT = "20,21,53,113,123"
# ICMP_IN_RATE limits incoming ping only; it does not throttle HTTP traffic.
ICMP_IN = "1"
ICMP_IN_RATE = "15/s"
ICMP_OUT = "1"
ICMP_OUT_RATE = "0"
# --- IPv6 port filter -------------------------------------------------------
# The IPv6 lists omit 1500, 3000 and 3001, so those services are not allowed
# in or out over IPv6 by this list while they are over IPv4.
IPV6 = "1"
IPV6_ICMP_STRICT = "0"
IPV6_SPI = "1"
TCP6_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
TCP6_OUT = "20,21,22,25,53,80,110,113,443"
UDP6_IN = "20,21,53"
UDP6_OUT = "20,21,53,113,123"
# --- Interfaces -------------------------------------------------------------
ETH_DEVICE = "eth0"
ETH6_DEVICE = ""
# No iptables rules are applied to eth1: everything arriving on that
# interface is unfiltered, so it must be a trusted network.
ETH_DEVICE_SKIP = "eth1"
# "0" selects the iptables state module rather than conntrack for SPI rules.
USE_CONNTRACK = "0"
SYSLOG_CHECK = "0"
# NOTE(review): with "0", lfd is not told to skip csf.allow addresses; only
# csf.ignore entries are exempt from lfd tracking - confirm in the readme.
IGNORE_ALLOW = "0"
DNS_STRICT = "0"
DNS_STRICT_NS = "0"
# --- General daemon settings ------------------------------------------------
# Caps on the number of permanent (csf.deny) and temporary blocks kept.
# NOTE(review): once a cap is reached older entries are presumably rotated
# out, so long-lived manual blocks may silently disappear - confirm.
DENY_IP_LIMIT = "1000"
DENY_TEMP_IP_LIMIT = "100"
# lfd (the login failure daemon) is enabled and also watches that csf itself
# is still loaded.
LF_DAEMON = "1"
LF_CSF = "1"
# ipset is off, so every blocked address is an individual iptables rule.
LF_IPSET = "0"
LF_IPSET_HASHSIZE = "1024"
LF_IPSET_MAXELEM = "65536"
LFDSTART = "0"
VERBOSE = "0"
# Drops packets that connection tracking classifies as INVALID or out of
# sequence. NOTE(review): every explicit rate/connection limit in this dump is
# switched off, so this is one of the few settings left that can discard
# traffic from a non-whitelisted client; test with "0" and compare. Whether
# csf.allow entries are matched before the INVALID chain should be checked in
# the loaded rule set (iptables -L -n -v).
PACKET_FILTER = "1"
LF_LOOKUPS = "1"
# --- Outbound SMTP ----------------------------------------------------------
# SMTP_BLOCK = "0": any local process may open outbound connections to
# SMTP_PORTS. On a web host, enabling it stops a compromised web script from
# sending mail directly instead of through the local MTA; the ALLOW* entries
# below only take effect once it is enabled.
SMTP_BLOCK = "0"
SMTP_ALLOWLOCAL = "1"
SMTP_PORTS = "25,465,587"
SMTP_ALLOWUSER = ""
SMTP_ALLOWGROUP = "mail,mailman"
SMTPAUTH_RESTRICT = "0"
# --- Flood / connection limits ----------------------------------------------
# All four protections are disabled (SYNFLOOD and UDPFLOOD are "0", CONNLIMIT
# and PORTFLOOD are empty). The *_RATE / *_BURST / *_LIMIT values are inert
# while their switch is off, so none of them is throttling visitors here -
# and the host has no per-IP connection or request-rate protection from csf.
SYNFLOOD = "0"
SYNFLOOD_RATE = "200/s"
SYNFLOOD_BURST = "300"
CONNLIMIT = ""
PORTFLOOD = ""
UDPFLOOD = "0"
UDPFLOOD_LIMIT = "200/s"
UDPFLOOD_BURST = "1000"
UDPFLOOD_ALLOWUSER = "named"
# --- Logging ----------------------------------------------------------------
SYSLOG = "0"
# Blocked packets are silently discarded (no TCP reset / ICMP error), which a
# client experiences as a hang or timeout rather than an immediate failure.
DROP = "DROP"
# Drop logging is off for inbound, per-IP, and outbound traffic. With these at
# "0" the kernel log will NOT show packets discarded by the port filter or by
# PACKET_FILTER; only lfd's own block decisions are recorded (in lfd.log).
# Enable DROP_LOGGING temporarily when diagnosing which rule discards traffic.
DROP_LOGGING = "0"
DROP_IP_LOGGING = "0"
DROP_OUT_LOGGING = "0"
DROP_UID_LOGGING = "1"
DROP_ONLYRES = "0"
# Destination ports whose drops are never logged even when logging is on.
DROP_NOLOG = "67,68,111,113,135:139,445,500,513,520"
DROP_PF_LOGGING = "0"
CONNLIMIT_LOGGING = "0"
UDPFLOOD_LOGGING = "1"
LOGFLOOD_ALERT = "0"
WATCH_MODE = "0"
# --- Alert and report delivery ----------------------------------------------
# Empty values leave the defaults from the alert templates in place.
# NOTE(review): make sure alerts reach a mailbox that is actually read.
LF_ALERT_TO = ""
LF_ALERT_FROM = ""
LF_ALERT_SMTP = ""
BLOCK_REPORT = ""
UNBLOCK_REPORT = ""
X_ARF = "0"
X_ARF_FROM = ""
X_ARF_TO = ""
X_ARF_ABUSE = "0"
# --- Temporary-to-permanent and netblock escalation --------------------------
# An address that is temporarily blocked LF_PERMBLOCK_COUNT (4) times within
# LF_PERMBLOCK_INTERVAL (86400 s) is escalated to a permanent block.
LF_PERMBLOCK = "1"
LF_PERMBLOCK_INTERVAL = "86400"
LF_PERMBLOCK_COUNT = "4"
LF_PERMBLOCK_ALERT = "1"
# Whole-network blocking is disabled; the values below are inert.
LF_NETBLOCK = "0"
LF_NETBLOCK_INTERVAL = "86400"
LF_NETBLOCK_COUNT = "4"
LF_NETBLOCK_CLASS = "C"
LF_NETBLOCK_ALERT = "1"
LF_NETBLOCK_IPV6 = ""
SAFECHAINUPDATE = "0"
# --- Dynamic DNS and remotely fetched lists ----------------------------------
# All disabled/empty: no allow, deny or ignore list is pulled from a URL.
DYNDNS = "0"
DYNDNS_IGNORE = "0"
LF_GLOBAL = "0"
GLOBAL_ALLOW = ""
GLOBAL_DENY = ""
GLOBAL_IGNORE = ""
GLOBAL_DYNDNS = ""
GLOBAL_DYNDNS_INTERVAL = "600"
GLOBAL_DYNDNS_IGNORE = "0"
LF_BOGON_SKIP = ""
# NOTE(review): URLGET selects the Perl HTTP client csf uses for its own
# downloads (updates, block lists) - confirm the value against the readme.
URLGET = "1"
# --- Country-code filtering ---------------------------------------------------
# Every CC_* list is empty, so no country-based allow or deny rules are
# generated; geography is not what separates affected users from others.
CC_DENY = ""
CC_ALLOW = ""
CC_ALLOW_FILTER = ""
CC_ALLOW_PORTS = ""
CC_ALLOW_PORTS_TCP = ""
CC_ALLOW_PORTS_UDP = ""
CC_DENY_PORTS = ""
CC_DENY_PORTS_TCP = ""
CC_DENY_PORTS_UDP = ""
CC_IGNORE = ""
CC_ALLOW_SMTPAUTH = ""
CC_DROP_CIDR = ""
CC_LOOKUPS = "0"
CC6_LOOKUPS = "0"
CC_INTERVAL = "7"
# --- Login failure blocking (lfd) ---------------------------------------------
# LF_TRIGGER = "0": each service below uses its own threshold. A threshold is
# the number of failures within LF_INTERVAL seconds; "0" disables that check.
# NOTE(review): a *_PERM value of "1" is understood to mean a permanent block
# and a larger value a temporary block of that many seconds - confirm.
LF_TRIGGER = "0"
LF_TRIGGER_PERM = "1"
# "0": a triggered block covers all ports, not only the failing service.
LF_SELECT = "0"
LF_EMAIL_ALERT = "1"
LF_SSHD = "5"
LF_SSHD_PERM = "1"
LF_FTPD = "10"
LF_FTPD_PERM = "1"
LF_SMTPAUTH = "5"
LF_SMTPAUTH_PERM = "1"
LF_EXIMSYNTAX = "10"
LF_EXIMSYNTAX_PERM = "1"
# POP3 and IMAP login failures are not tracked, although 110/143/993/995 are
# open inbound, leaving those logins without lfd brute-force blocking.
LF_POP3D = "0"
LF_POP3D_PERM = "1"
LF_IMAPD = "0"
LF_IMAPD_PERM = "1"
# Web-facing triggers: five password-protected-directory failures or five
# mod_security hits within the interval block the client address. Visitors
# behind a shared NAT address count together, so a noisy mod_security rule can
# lock out legitimate users; such blocks appear in lfd.log and csf.deny.
LF_HTACCESS = "5"
LF_HTACCESS_PERM = "1"
LF_MODSEC = "5"
LF_MODSEC_PERM = "1"
LF_BIND = "0"
LF_BIND_PERM = "1"
LF_SUHOSIN = "0"
LF_SUHOSIN_PERM = "1"
LF_CXS = "0"
LF_CXS_PERM = "1"
LF_QOS = "0"
LF_QOS_PERM = "1"
LF_SYMLINK = "0"
LF_SYMLINK_PERM = "1"
LF_WEBMIN = "0"
LF_WEBMIN_PERM = "1"
# E-mail alerts on successful SSH logins and on su use are enabled.
LF_SSH_EMAIL_ALERT = "1"
LF_SU_EMAIL_ALERT = "1"
LF_WEBMIN_EMAIL_ALERT = "0"
LF_CONSOLE_EMAIL_ALERT = "0"
# 404/403 flood blocking is disabled, so many missing-file requests from one
# browser do not trigger a block.
LF_APACHE_404 = "0"
LF_APACHE_404_PERM = "3600"
LF_APACHE_403 = "0"
LF_APACHE_403_PERM = "3600"
LF_EXPLOIT = "900"
LF_EXPLOIT_IGNORE = ""
# Failure-counting window (seconds), log poll period and report flush period.
LF_INTERVAL = "3600"
LF_PARSE = "5"
LF_FLUSH = "3600"
LF_REPEATBLOCK = "0"
LF_BLOCKINONLY = "0"
# Periodic host checks; the values are intervals in seconds.
LF_DIRWATCH = "7200"
LF_DIRWATCH_DISABLE = "0"
LF_DIRWATCH_FILE = "0"
LF_INTEGRITY = "36000"
# Distributed-attack detection is disabled for accounts, FTP and SMTP.
LF_DISTATTACK = "0"
LF_DISTATTACK_UNIQ = "2"
LF_DISTFTP = "0"
LF_DISTFTP_UNIQ = "3"
LF_DISTFTP_PERM = "1"
LF_DISTFTP_ALERT = "1"
LF_DISTSMTP = "0"
LF_DISTSMTP_UNIQ = "3"
LF_DISTSMTP_PERM = "1"
LF_DISTSMTP_ALERT = "1"
LF_DIST_INTERVAL = "300"
LF_DIST_ACTION = ""
# Login (success-rate) tracking for POP3/IMAP is disabled.
LT_POP3D = "0"
LT_IMAPD = "0"
LT_EMAIL_ALERT = "1"
LT_SKIPPERMBLOCK = "0"
# --- Connection tracking ------------------------------------------------------
# CT_LIMIT = "0" means lfd connection-count blocking is already disabled in
# this dump; the remaining CT_* values are inert. Opening many tabs therefore
# cannot be tripping a CT_LIMIT threshold with this configuration.
CT_LIMIT = "0"
CT_INTERVAL = "120"
CT_EMAIL_ALERT = "1"
CT_PERMANENT = "0"
CT_BLOCK_TIME = "1800"
CT_SKIP_TIME_WAIT = "0"
CT_STATES = ""
CT_PORTS = ""
# --- Process tracking ---------------------------------------------------------
# PT_LIMIT = "0" disables suspicious-process tracking. The per-user thresholds
# only report (PT_USERKILL = "0"); nothing is killed automatically.
PT_LIMIT = "0"
PT_INTERVAL = "0"
PT_SKIP_HTTP = "0"
PT_DELETED = "0"
PT_DELETED_ACTION = ""
PT_USERPROC = "10"
PT_USERMEM = "200"
PT_USERTIME = "1800"
PT_USERKILL = "0"
PT_USERKILL_ALERT = "1"
PT_USER_ACTION = ""
# Load-average alerting; PT_APACHESTATUS is fetched from localhost only.
PT_LOAD = "60"
PT_LOAD_AVG = "5"
PT_LOAD_LEVEL = "6"
PT_LOAD_SKIP = "3600"
PT_APACHESTATUS = "http://127.0.0.1/server-status"
PT_LOAD_ACTION = ""
PT_FORKBOMB = "0"
PT_SSHDHUNG = "0"
# --- Port-scan tracking -------------------------------------------------------
# PS_INTERVAL = "0" disables it. It relies on logged drops, and drop logging
# is also off in this dump, so port scans are neither blocked nor recorded.
PS_INTERVAL = "0"
PS_LIMIT = "20"
PS_PORTS = "0:65535,ICMP"
PS_DIVERSITY = "1"
PS_PERMANENT = "0"
PS_BLOCK_TIME = "3600"
PS_EMAIL_ALERT = "1"
# --- Per-user outbound tracking (disabled) ------------------------------------
UID_INTERVAL = "0"
UID_LIMIT = "10"
UID_PORTS = "0:65535,ICMP"
# --- Account tracking ---------------------------------------------------------
# Watches the account database every AT_INTERVAL seconds for new or removed
# accounts and for password, UID, GID, home-directory and shell changes.
# NOTE(review): AT_ALERT = "2" is understood to limit alerts to superuser
# accounts - confirm against the readme.
AT_ALERT = "2"
AT_INTERVAL = "60"
AT_NEW = "1"
AT_OLD = "1"
AT_PASSWD = "1"
AT_UID = "1"
AT_GID = "1"
AT_DIR = "1"
AT_SHELL = "1"
# --- Integrated web UI (disabled) ---------------------------------------------
# UI = "0", so nothing listens on UI_PORT. The credentials below are the
# shipped placeholders and must be replaced with strong unique values before
# the UI is ever enabled; UI_IP is empty, i.e. no bind/allow restriction set.
UI = "0"
UI_PORT = "6666"
UI_IP = ""
UI_USER = "username"
UI_PASS = "password"
UI_TIMEOUT = "300"
UI_CHILDREN = "5"
UI_RETRY = "5"
UI_BAN = "1"
UI_ALLOW = "1"
UI_BLOCK = "1"
UI_ALERT = "4"
# Legacy TLS settings: the cipher string still admits RC4 and MEDIUM suites,
# and "SSLv23:!SSLv2" excludes only SSLv2, leaving SSLv3 negotiable. Restrict
# both to current protocol versions and ciphers before enabling the UI.
UI_CIPHER = "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH"
UI_SSL_VERSION = "SSLv23:!SSLv2"
UI_CXS = "0"
UI_CSE = "0"
# --- Messenger service (disabled) ---------------------------------------------
# When enabled it shows blocked clients a "you are blocked" page; with "0" a
# blocked visitor gets no explanation, only timeouts.
MESSENGER = "0"
MESSENGER_TEMP = "1"
MESSENGER_PERM = "1"
MESSENGER_USER = "csf"
MESSENGER_CHILDREN = "10"
MESSENGER_HTML = "8888"
MESSENGER_HTML_IN = "80,2082,2095"
MESSENGER_TEXT = "8889"
MESSENGER_TEXT_IN = "21"
MESSENGER_RATE = "30/m"
MESSENGER_BURST = "5"
# --- lfd clustering (not configured) ------------------------------------------
# No peers and no CLUSTER_KEY are set, so blocks are neither sent to nor
# accepted from other servers.
CLUSTER_SENDTO = ""
CLUSTER_RECVFROM = ""
CLUSTER_MASTER = ""
CLUSTER_NAT = ""
CLUSTER_LOCALADDR = ""
CLUSTER_PORT = "7777"
CLUSTER_KEY = ""
CLUSTER_BLOCK = "1"
CLUSTER_CONFIG = "0"
CLUSTER_CHILDREN = "10"
# --- Port knocking (not configured) -------------------------------------------
PORTKNOCKING = ""
PORTKNOCKING_LOG = "1"
PORTKNOCKING_ALERT = "0"
# --- Log scanner (disabled) ---------------------------------------------------
LOGSCANNER = "0"
LOGSCANNER_INTERVAL = "hourly"
LOGSCANNER_STYLE = "1"
LOGSCANNER_EMPTY = "1"
LOGSCANNER_LINES = "5000"
# --- Statistics (disabled) ----------------------------------------------------
ST_ENABLE = "0"
ST_IPTABLES = "100"
ST_LOOKUP = "0"
ST_SYSTEM = "0"
ST_SYSTEM_MAXDAYS = "30"
# MySQL statistics are off. If they are ever enabled, use a dedicated
# least-privileged account instead of root with an empty password.
ST_MYSQL = "0"
ST_MYSQL_USER = "root"
ST_MYSQL_PASS = ""
ST_MYSQL_HOST = "localhost"
ST_APACHE = "0"
# Disk-write benchmark (off). The dd arguments write 64 x 1 MB of zeros to a
# scratch file under /var/lib/csf.
ST_DISKW = "0"
ST_DISKW_FREQ = "5"
ST_DISKW_DD = "if=/dev/zero of=/var/lib/csf/dd_test bs=1MB count=64 conv=fdatasync"
# --- External binaries --------------------------------------------------------
# Absolute paths of the tools csf and lfd execute as root. Keep them pointing
# at root-owned system binaries that are not writable by other users.
# NOTE(review): paths differ between distributions - verify each one exists on
# this host.
IPTABLES = "/sbin/iptables"
IPTABLES_SAVE = "/sbin/iptables-save"
IPTABLES_RESTORE = "/sbin/iptables-restore"
IP6TABLES = "/sbin/ip6tables"
IP6TABLES_SAVE = "/sbin/ip6tables-save"
IP6TABLES_RESTORE = "/sbin/ip6tables-restore"
MODPROBE = "/sbin/modprobe"
IFCONFIG = "/sbin/ifconfig"
SENDMAIL = "/usr/sbin/sendmail"
PS = "/bin/ps"
VMSTAT = "/usr/bin/vmstat"
NETSTAT = "/bin/netstat"
LS = "/bin/ls"
MD5SUM = "/usr/bin/md5sum"
TAR = "/bin/tar"
CHATTR = "/usr/bin/chattr"
UNZIP = "/usr/bin/unzip"
GUNZIP = "/bin/gunzip"
DD = "/bin/dd"
TAIL = "/usr/bin/tail"
GREP = "/bin/grep"
IPSET = "/usr/sbin/ipset"
SYSTEMCTL = "/usr/bin/systemctl"
HOST = "/usr/bin/host"
# --- Log files watched by lfd -------------------------------------------------
# These paths mix two distribution layouts: /var/log/apache2/error.log,
# /var/log/auth.log and /var/log/mail.log are Debian/Ubuntu names, while
# /var/log/secure and /var/log/messages are Red Hat names.
# NOTE(review): a trigger whose log file does not exist presumably detects
# nothing (e.g. SMTP AUTH failures via SMTPAUTH_LOG) - check each path on
# this host so brute-force detection is not silently blind.
HTACCESS_LOG = "/var/log/apache2/error.log"
MODSEC_LOG = "/var/log/apache2/error.log"
SSHD_LOG = "/var/log/auth.log"
SU_LOG = "/var/log/messages"
FTPD_LOG = "/var/log/messages"
SMTPAUTH_LOG = "/var/log/secure"
POP3D_LOG = "/var/log/mail.log"
IMAPD_LOG = "/var/log/mail.log"
# Kernel firewall messages are expected here; this is where dropped packets
# would appear once drop logging is switched on.
IPTABLES_LOG = "/var/log/messages"
SUHOSIN_LOG = "/var/log/messages"
BIND_LOG = "/var/log/messages"
SYSLOG_LOG = "/var/log/messages"
WEBMIN_LOG = "/var/log/auth.log"
# Custom log slots, all left at the placeholder path.
CUSTOM1_LOG = "/var/log/customlog"
CUSTOM2_LOG = "/var/log/customlog"
CUSTOM3_LOG = "/var/log/customlog"
CUSTOM4_LOG = "/var/log/customlog"
CUSTOM5_LOG = "/var/log/customlog"
CUSTOM6_LOG = "/var/log/customlog"
CUSTOM7_LOG = "/var/log/customlog"
CUSTOM8_LOG = "/var/log/customlog"
CUSTOM9_LOG = "/var/log/customlog"
# --- Ports associated with each trigger ---------------------------------------
# NOTE(review): these are understood to be the ports closed to an offender
# when per-service blocking (LF_SELECT) is on; LF_SELECT is "0" in this dump,
# so a triggered block covers all ports - confirm against the readme.
PORTS_pop3d = "110,995"
PORTS_imapd = "143,993"
PORTS_htpasswd = "80,443"
PORTS_mod_security = "80,443"
PORTS_mod_qos = "80,443"
PORTS_symlink = "80,443"
PORTS_suhosin = "80,443"
PORTS_cxs = "80,443"
PORTS_bind = "53"
PORTS_ftpd = "20,21"
PORTS_webmin = "10000"
PORTS_smtpauth = "25,465,587"
PORTS_eximsyntax = "25,465,587"
PORTS_sshd = "22"
# GENERIC = "1": generic (non control-panel) installation profile.
GENERIC = "1"
OLD_REAPER = "0"
# Debug output is off; raise it only while troubleshooting.
DEBUG = "0"


1 answer(s)
Anton Markelov, 2016-02-18
@strangeman

1) Look at the csf logs - it records everything that it blocks.
2) Have you changed anything under SECTION:Connection Tracking? To begin with, disable CT_LIMIT altogether; it looks like you are running into the connection limit.
