New csf v11.02

Changes:

  • Integrated UI fix for CloudFlare page
  • Removed non-participated deny options for cxs reputation service
  • Changed PT_SSHDHUNG to use a regex for process cmdline detection
  • Fixed issue with IPv6 client detection in Apache logs

New csf v11.01

Changes:

  • Corrections to readme.txt
  • In UI, display long output into fixed height divs with scrollbars and font size changer
  • Modified Server Check to not display the mod_cloudflare warning if CF_ENABLE enabled
  • Modified Server Check to display a single warning for each PHP check listing affected versions instead of multiple warnings
  • Additional exim check added to Server Check
  • Improvements to ajax output in UI

New csf v11.00

Changes:

  • New Feature: CloudFlare Firewall integration. This feature provides blocking and unblocking functionality with the CloudFlare Firewall from within lfd, together with new CLI commands for direct access. See documentation for CF_ENABLE in csf.conf, information in readme.txt as well as the csf man page
  • Added UI elements for CloudFlare Firewall integration
  • New CLI command –trace [ip]. This replaces the –w, –watch CLI command to Log SYN packets for an IP across iptables chains by using the iptables TRACE module
  • New Feature: Check the size of the ModSecurity IP D/B. This option will send an alert if the ModSecurity IP persistent storage grows excessively large. This is enabled on cPanel by default. See csf.conf for more information
  • New Feature: Allow use of comma separated list of ports in Advanced Allow/Deny Filters
  • WATCH_MODE in csf.conf and –w, –watch CLI commands removed in favour of the new –trace [add/remove] [ip] CLI command
  • Restrict the scope of Perl shebang replacement when installing on cPanel servers
  • Modifications and fixes for the example MESSENGERV2 templates
  • Ensure /proc/sys/net/netfilter/nf_conntrack_helper is enabled at startup to allow connection tracking to continue working on newer kernels
  • Stop needlessly setting <head> and <body> elements in Ajax returns
  • Various corrections and updates to readme.txt
  • Tweaks to the Mobile View UI button arrangement and spacing

New csf v10.23

Changes:

  • On cPanel servers, ensure that the csf driver for WHM is removed on uninstall
  • Added hooks for upcoming cxs IP Reputation Service
  • On non-cPanel servers, added csf.htmltag and csf.bodytag files to UI skinning (STYLE_CUSTOM). See readme.txt for more information
  • MESSENGERV2 released as stable on cPanel servers. This uses the Apache http daemon to provide the web service for MESSENGER HTML and HTTPS
  • Additions to csf.logignore on new installs
  • Added IPv6 support to BLOCKLISTS
  • Added Spamhaus DROPv6 and Stop Forum Spam IPv6 blocklists to csf.blocklists
  • Removed Spamcannibal and added all.s5h.net from/to csf.rbls
  • Fixed issues with IPv6 rule creation attempts when IPV6 disabled
  • Automatically enable WAITLOCK on initial installation if supported

New csf v10.20

Changes:

  • Prevent lfd logrotate from erroring if log files missing
  • Modified Apache ModSecurity regex to cater for changes in logging format on cPanel servers with ModSecurity v2.9.2
  • Modified Apache cxs regex to cater for changes in logging format on cPanel servers with
  • ModSecurity v2.9.2
  • Ensure destination files are owned by root during installation