CSF Csf block Invision license URL?

Discussion in 'Other Centmin Mod Installed software' started by pamamolf, Jun 7, 2019.

  1. pamamolf

    pamamolf Premium Member Premium Member

    3,476
    334
    83
    May 31, 2014
    Ratings:
    +641
    Local Time:
    1:38 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    Hello

    Today on one of my servers I got a warning about my license for Invision, and after checking, it seems that the server is not able to contact the Invision license URL:

    Code:
    remoteservices.invisionpower.com
    Code:
    ping remoteservices.invisionpower.com
    PING remoteservices.invisionpower.com (13.32.215.143) 56(84) bytes of data.
    From server.mydomain.com (123.456.789.000) icmp_seq=1 Destination Port Unreachable
    ping: sendmsg: Operation not permitted
    That started 2 hours ago, and from their support all seems OK from their end....

    I didn't adjust anything on the server from my end, and I also cleared some denied IPs from CSF and restarted it.

    But nothing, I can't ping it :(

    Any ideas?

    Thank you
     
  2. eva2000

    eva2000 Administrator Staff Member

    41,667
    9,380
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,413
    Local Time:
    8:38 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Did you do any country-level or ISP ASN-level blocking in CSF Firewall? Check that the country block didn't block the country that invisionpower.com's IP geolocates to, or grep the CSF Firewall logs for their IP and see:
    Code (Text):
    csf -g 13.32.215.143
     
  3. pamamolf

    No country bans!
    Whitelisting the IP maybe will not help, as the IP changes: they use CloudFront and the IP is dynamic....

    When I close the firewall it works!

    Don't know :(

    Code:
    csf -g 13.32.215.143
    
    Table  Chain            num   pkts bytes target     prot opt in     out     source               destination       
    
    filter DENYIN           4       53 29674 DROP       all  --  !lo    *       13.32.215.143        0.0.0.0/0
    
    filter DENYOUT          4     3140  191K LOGDROPOUT  all  --  *      !lo     0.0.0.0/0            13.32.215.143
    
    IPSET: No matches found for 13.32.215.143
    
    Temporary Blocks: IP:13.32.215.143 Port: Dir:inout TTL:86400 (lfd - (CT) IP 13.32.215.143 (US/United States/server-13-32-215-143.cdg54.r.cloudfront.net) found to have 104 connections)
    Temporarily blocked?

    Where is this so I can clear it?
     
    Last edited: Jun 7, 2019
  4. pamamolf

    Code:
    csf -tf
    Problem solved :)

    Is it a good idea to add CloudFront IP addresses to the whitelist in CSF, as we do with Cloudflare?

    Thanks
     
  5. pamamolf

    Today I got the same issue again, with some CloudFront IPs temporarily banned for checking the Invision license.

    @eva2000

    Do you think that it will be a good idea to add them to csf as you did with Cloudflare?

    Can you do that please?

    Thank you
     
  6. pamamolf

    The issue seems to be from their end....:

    But it may be good to have those IPs whitelisted, or available as a script for anyone who will need that?
     
  7. eva2000

    Amazon CloudFront's IP range is huge, so whitelisting such is probably not a good idea, as a lot of folks use Amazon IPs due to their AWS services.
     
    • Agree x 1
  8. pamamolf

    Hello

    Which value should I adjust to increase a bit the temporary ban connections?

    Thank you
     
  9. eva2000

    How is Invision's license server connecting to your server? CSF Firewall doesn't ban requests for no reason, so it's best to find out what is triggering the bans rather than loosening the bans for every request, non-Invision included.
     
  10. pamamolf

    I just need that, as it is causing issues, as a temporary solution until I find out what is going on....

    It is from the Spam service but I need to find out more....
    Code:
    https://remoteservices.invisionpower.com
    In the meantime I was checking how to increase it temporarily .....
     
  11. eva2000

    well you need to know what's triggering CSF Firewall to know which setting in /etc/csf/csf.conf to adjust heh
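
As an added example (not part of the original thread and not CSF's own code): the temporary-block line in the `csf -g` output from post 3 already carries the lfd trigger tag, so it can be parsed to find the csf.conf setting involved. The function names and the sample `CT_LIMIT = "100"` value are constructed here; that `(CT)` is lfd's connection tracking check, governed by `CT_LIMIT`, is CSF behaviour the thread itself does not state.

```shell
#!/bin/sh
# Temporary-block line copied from the `csf -g` output posted in this thread.
SAMPLE_CSF_G='Temporary Blocks: IP:13.32.215.143 Port: Dir:inout TTL:86400 (lfd - (CT) IP 13.32.215.143 (US/United States/server-13-32-215-143.cdg54.r.cloudfront.net) found to have 104 connections)'
# Constructed csf.conf fragment; the thread does not show the server's real values.
SAMPLE_CSF_CONF='CT_LIMIT = "100"
ICMP_IN_RATE = "1/s"'

# temp_block_field FIELD: read `csf -g` output on stdin and print one field
# (ip, ttl, trigger, count) of the first "Temporary Blocks:" line.
temp_block_field() {
    grep -m1 '^ *Temporary Blocks:' | case "$1" in
        ip)      sed -n 's/.* IP:\([^ ]*\).*/\1/p' ;;
        ttl)     sed -n 's/.* TTL:\([0-9]*\).*/\1/p' ;;
        trigger) sed -n 's/.*(lfd - (\([A-Z_]*\)).*/\1/p' ;;
        count)   sed -n 's/.*found to have \([0-9]*\) connections.*/\1/p' ;;
    esac
}

# conf_value KEY: read csf.conf text on stdin and print KEY's quoted value.
conf_value() {
    sed -n "s/^$1 *= *\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# trigger_setting TAG: csf.conf setting behind an lfd trigger tag. Only the
# tag seen in this thread is mapped; anything else returns 1.
trigger_setting() {
    case "$1" in
        CT) echo CT_LIMIT ;;   # connection tracking: max connections per IP
        *)  return 1 ;;
    esac
}

# explain_block CSF_G_TEXT CONF_TEXT: one-line summary of why lfd blocked the IP.
explain_block() {
    trig=$(printf '%s\n' "$1" | temp_block_field trigger)
    [ -n "$trig" ] || { echo "no lfd temporary block in this output"; return 1; }
    ip=$(printf '%s\n' "$1" | temp_block_field ip)
    ttl=$(printf '%s\n' "$1" | temp_block_field ttl)
    count=$(printf '%s\n' "$1" | temp_block_field count)
    key=$(trigger_setting "$trig") || { echo "$ip: lfd trigger $trig (not mapped here)"; return 0; }
    val=$(printf '%s\n' "$2" | conf_value "$key")
    echo "$ip: lfd trigger $trig ($count connections), TTL ${ttl}s, setting $key=$val"
}

# On a live server: explain_block "$(csf -g 13.32.215.143)" "$(cat /etc/csf/csf.conf)"
explain_block "$SAMPLE_CSF_G" "$SAMPLE_CSF_CONF"
```
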
     
  12. pamamolf

    I thought that it was a specific setting for temporary bans at around 100 connections..... Damn...
     
  13. eva2000

    oh your first post suggests it's ICMP/ping trigger rate limiting
    Code (Text):
    # Set the per IP address incoming ICMP packet rate for PING requests. This
    # ratelimits PING requests which if exceeded results in silently rejected
    # packets. Disable or increase this value if you are seeing PING drops that you
    # do not want
    #
    # To disable rate limiting set to "0", otherwise set according to the iptables
    # documentation for the limit module. For example, "1/s" will limit to one
    # packet per second
    ICMP_IN_RATE = "1/s"
    
     
    • Like x 1