Skip to main content

Posts

Showing posts from November, 2019

CWP: How to Allow or Block Traffic by Country in the CSF Firewall

Country-level filtering in CSF uses the Maxmind GeoLite Country database to obtain CIDR (Classless Inter-Domain Routing) ranges for specific countries. Each CIDR range covers all the IP addresses assigned to that country.
There are a number of reasons why a server administrator may wish to block traffic from a specific country, with reducing bandwidth, minimizing exposure to security risks, and ensuring that a site’s content is viewable only in geographic locations where it is permitted among the most common. However, there are several important factors to consider before choosing to filter traffic at the country level:
A small percentage of unwanted traffic still may get through, and a small percentage of desired traffic could be blocked, because:
the CIDR range lists used for country-level blocks are not 100 percent accurate.some Internet Service Providers and web services use non-geographic IP addresses for their clients.proxy services and virtual private networks can be used to mas…

CWP: Rate Limit Incoming Traffic using CSF Connection Tracking Option

CSF – How to limit the number of connections per IP address (Rate Limit Incoming Traffic By CSF Connection Tracking):
The first thing that can be done to mitigate the effects of an incoming attack is to limit the number of connections per IP address. When properly configured, CSF will track the number of connections from IP address hitting the server and block IP addresses at the firewall level should they exceed a defined limit.
It’s important not to set the limit too low, as protocols such as FTP, IMAP, and even HTTP all legitimately make multiple connections. Also, remember that most companies as well as homes and public hotspots may have many different computers on their internal network which all share a single public IP address. To set the limit on connections per IP address, scroll down to the Connection Tracking section of the Firewall Configuration page and set CT_LIMIT to the desired value.
1. If you want use 150 connections per IP address as an upper limit. You may find that…