
CSF Csf block Invision license URL?

Discussion in 'Other Centmin Mod Installed software' started by pamamolf, Jun 7, 2019.

  1. pamamolf

    pamamolf Well-Known Member

    4,125
    429
    83
    May 31, 2014
    Ratings:
    +841
    Local Time:
    2:52 AM
    Nginx-1.29.x
    MariaDB 10.6.x
    Hello

    Today on one of my servers I got a warning about my license for Invision, and after checking, it seems that the server is not able to contact the Invision license URL:


    Code:
    remoteservices.invisionpower.com
    Code:
    ping remoteservices.invisionpower.com
    PING remoteservices.invisionpower.com (13.32.215.143) 56(84) bytes of data.
    From server.mydomain.com (123.456.789.000) icmp_seq=1 Destination Port Unreachable
    ping: sendmsg: Operation not permitted
    That started 2 hours ago, and from their support all seems OK from their end....

    I didn't adjust anything on the server from my end, and I also cleared some denied IPs from CSF and restarted it.

    But nothing, I can't ping it :(

    Any ideas?

    Thank you
     
  2. eva2000

    eva2000 Administrator Staff Member

    58,893
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    9:52 AM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    did you do any country level or ISP ASN level blocking in CSF Firewall? check that the country block didn't block invisionpower.com's IP geolocation determined country, or grep CSF Firewall logs for their IP and see
    Code (Text):
    csf -g 13.32.215.143
     
  3. pamamolf

    No country bans!
    Whitelisting the IP maybe will not help, as the IP changes since they use CloudFront and the IP is dynamic....

    When I close the firewall it works!

    Don't know :(

    Code:
    csf -g 13.32.215.143
    
    Table  Chain            num   pkts bytes target     prot opt in     out     source               destination       
    
    filter DENYIN           4       53 29674 DROP       all  --  !lo    *       13.32.215.143        0.0.0.0/0
    
    filter DENYOUT          4     3140  191K LOGDROPOUT  all  --  *      !lo     0.0.0.0/0            13.32.215.143
    
    IPSET: No matches found for 13.32.215.143
    
    Temporary Blocks: IP:13.32.215.143 Port: Dir:inout TTL:86400 (lfd - (CT) IP 13.32.215.143 (US/United States/server-13-32-215-143.cdg54.r.cloudfront.net) found to have 104 connections)
    Temporarily blocked?

    Where is this so I can clear it?
     
    Last edited: Jun 7, 2019
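
As an added example (not part of the thread and not CSF's own code): a small parser for the `csf -g` output posted above that pulls out the lfd trigger behind the temporary block. The function name `diagnose` and the mapping of the `(CT)` tag to the `CT_LIMIT` connection-tracking setting in `/etc/csf/csf.conf` are this example's assumptions.

```python
import re

# Constructed input: the `csf -g` output quoted in the post above, blank lines removed.
SAMPLE = """\
Table  Chain            num   pkts bytes target     prot opt in     out     source               destination
filter DENYIN           4       53 29674 DROP       all  --  !lo    *       13.32.215.143        0.0.0.0/0
filter DENYOUT          4     3140  191K LOGDROPOUT  all  --  *      !lo     0.0.0.0/0            13.32.215.143
IPSET: No matches found for 13.32.215.143
Temporary Blocks: IP:13.32.215.143 Port: Dir:inout TTL:86400 (lfd - (CT) IP 13.32.215.143 (US/United States/server-13-32-215-143.cdg54.r.cloudfront.net) found to have 104 connections)
"""

# iptables rule rows: table, chain, rule number, packets, bytes, target
RULE_RE = re.compile(r"^\s*filter\s+(?P<chain>\S+)\s+\d+\s+(?P<pkts>\S+)\s+\S+\s+(?P<target>\S+)")
# Temporary block summary; the reason is everything inside the outer parentheses
TEMP_RE = re.compile(
    r"Temporary Blocks: IP:(?P<ip>\S+) Port:(?P<port>\S*) Dir:(?P<dir>\S+) "
    r"TTL:(?P<ttl>\d+) \((?P<reason>.*)\)\s*$"
)
# lfd connection-tracking reason: "(CT) IP <ip> (<cc>/<country>/<rdns>) found to have N connections"
CT_RE = re.compile(r"\(CT\) IP \S+ \((?P<geo>[^)]*)\) found to have (?P<conns>\d+) connections")


def diagnose(output):
    """Summarise why `csf -g <ip>` reports an address as blocked."""
    result = {"chains": {}, "temp_block": None}
    for line in output.splitlines():
        rule = RULE_RE.match(line)
        if rule:
            result["chains"][rule["chain"]] = {"pkts": rule["pkts"], "target": rule["target"]}
            continue
        temp = TEMP_RE.search(line)
        if not temp:
            continue
        block = {"ip": temp["ip"], "dir": temp["dir"], "ttl": int(temp["ttl"]),
                 "trigger": None, "connections": None, "rdns": None, "setting": None}
        ct = CT_RE.search(temp["reason"])
        if ct:
            # Assumption: a (CT) reason comes from lfd connection tracking (CT_LIMIT)
            block.update(trigger="CT", connections=int(ct["conns"]),
                         rdns=ct["geo"].split("/", 2)[-1], setting="CT_LIMIT")
        result["temp_block"] = block
    tb = result["temp_block"]
    # An in+out block also drops the server's own packets to that address
    result["egress_dropped"] = bool(tb) and "out" in tb["dir"] and "DENYOUT" in result["chains"]
    return result
```

On the sample, `egress_dropped` is true: the `Dir:inout` block also rejects the server's own outbound packets to that address, which matches the `Operation not permitted` ping failure in the first post.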
  4. pamamolf

    Code:
    csf -tf
    Problem solved :)

    Is it a good idea to add CloudFront IP addresses to the whitelist on CSF, as we do with Cloudflare?

    Thanks
     
  5. pamamolf

    Today I got the same issue again with some CloudFront IPs temporarily banned for checking the Invision license.

    @eva2000

    Do you think that it will be a good idea to add them to csf as you did with Cloudflare?

    Can you do that please?

    Thank you
     
  6. pamamolf

    The issue seems to be from their end....:

    But it may be good to have those IPs whitelisted, or as a script for anyone who will need that?
     
  7. eva2000

    Amazon CloudFront's IP range is huge, so whitelisting such is probably not a good idea, as a lot of folks use Amazon IPs due to their AWS services.
     
  8. pamamolf

    Hello

    Which value should I adjust to increase a bit the temporary ban connections?

    Thank you
     
  9. eva2000

    how is Invision's license server connecting to your server? CSF Firewall doesn't ban requests for no reason, so best to find out what is triggering the bans rather than loosening the bans for every request, non-Invision included
     
  10. pamamolf

    I just need that as it is causing issues, as a temporary solution until I find out what is going on....

    It is from the Spam service but i need to find out more....
    Code:
    https://remoteservices.invisionpower.com
    In the meantime I was checking to increase it temporarily.....
     
  11. eva2000

    well you need to know what's triggering CSF Firewall to know which setting in /etc/csf/csf.conf to adjust heh
     
  12. pamamolf

    I thought that it was a specific setting for temporary bans at around 100 connections..... Damn...
     
  13. eva2000

    oh your first post suggests it's ICMP/ping trigger rate limiting
    Code (Text):
    # Set the per IP address incoming ICMP packet rate for PING requests. This
    # ratelimits PING requests which if exceeded results in silently rejected
    # packets. Disable or increase this value if you are seeing PING drops that you
    # do not want
    #
    # To disable rate limiting set to "0", otherwise set according to the iptables
    # documentation for the limit module. For example, "1/s" will limit to one
    # packet per second
    ICMP_IN_RATE = "1/s"