How can I show a message to users blocked by the login failure daemon?

Messenger Service

The messenger service can display a message to a blocked connecting IP address to inform the user that they are blocked by the firewall. The service is provided by two daemons running on ports providing either an HTML or TEXT message. The iptables module ipt_REDIRECT is required.

To enable the messenger service

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Messenger Service.
  2. Check the Messenger service checkbox.
  3. Click the Update button to save your settings.
  4. Click the Restart button to restart the firewall and login failure daemon.

To customize the messenger service message

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Messenger Service -> Messenger Templates
  2. Select the template you want to edit.
  3. Click the Update button to save your settings.

Messenger V3 Service (optional)

The messenger V3 service was added in Juggernaut 3.0 and uses Apache to provide the web server functionality for the messenger services. It uses a fraction of the resources that the LFD inbuilt service uses and overcomes the memory overhead of using the messenger HTTPS service. This option is recommended for advanced users who host a lot of domains as it provides better PCI compliance, multi-language support, and uses fewer resources.

  1. Messenger V3 uses the server's PHP, so the OS PHP and fast-cgi packages have to be installed. You can install them using the command: plesk installer add --components mod_fcgid,phpgroup
  2. Messenger V3 templates are located in the /home/csf/ directory.
  3. The PHP files in /home/csf/public_html are subject to any modsecurity rules that you may be using.
  4. See here for troubleshooting messenger 3 issues.

To enable the messenger v3 service

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Messenger Service.
  2. Check the Messenger V3 checkbox.
  3. Click the Update button to save your settings.
  4. Click the Restart button to restart the firewall and login failure daemon.


Testing the Messenger Service

After you have enabled the messenger service and restarted the login failure daemon, you can click on the link icons next to the HTTPS HTML Message port (SSL) and HTML Message port (non-SSL) to view the messenger page that a user would see. You can also access it directly using http://<server_ip_address>:8888 or https://<server_ip_address>:8887. You will get an SSL warning, which is normal: you are accessing the page using the hostname of the server, which normally doesn't have an SSL certificate installed.


Messenger Logs

Messenger logs are normally located in /var/log/lfd.log. If you have the messenger v3 service enabled, you can also see errors in the Apache log: /var/log/httpd/error_log on AlmaLinux/Centos/RHEL/CloudLinux, or /var/log/apache2/error_log on Debian/Ubuntu.

Modsecurity Exceptions

If you find that you have modsecurity rules that are blocking the messenger v3 service, you can disable those specific rules for the /home/csf/public_html directory only. For example, add the file /etc/httpd/conf.d/messengerv3.conf on Centos/RHEL/AlmaLinux or /etc/apache2/conf-enabled/messengerv3.conf on Debian/Ubuntu, then restart the Apache web server:

<IfModule mod_security2.c>
    <Directory /home/csf/public_html>
        SecRuleRemoveById 942200 942260 950100
    </Directory>
</IfModule>
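
To decide which rule IDs belong in that exception, one approach is to load the messenger page from a known test client (as in Testing the Messenger Service) and pull the rule IDs that denied that client out of the Apache error log, so only confirmed false positives are removed. The script below is an added example, not part of Juggernaut; the function names, the constructed sample log lines, and the ModSecurity 2 error-log layout they follow are assumptions.

```shell
#!/bin/sh
# Added example: find the ModSecurity rules that denied one test client.

# Constructed sample lines in the assumed Apache 2.4 / ModSecurity 2 layout.
sample_log() {
cat <<'EOF'
[Mon Jan 01 10:00:01.000001 2024] [:error] [pid 1001] [client 203.0.113.5:50001] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). [file "/etc/modsec/rules.conf"] [line "10"] [id "942200"] [msg "constructed"] [hostname "192.0.2.10"] [uri "/index.php"] [unique_id "AAA"]
[Mon Jan 01 10:00:02.000001 2024] [:error] [pid 1001] [client 203.0.113.5:50002] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). [file "/etc/modsec/rules.conf"] [line "10"] [id "942200"] [msg "constructed"] [hostname "192.0.2.10"] [uri "/index.php"] [unique_id "AAB"]
[Mon Jan 01 10:00:03.000001 2024] [:error] [pid 1002] [client 203.0.113.5:50003] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). [file "/etc/modsec/rules.conf"] [line "20"] [id "950100"] [msg "constructed"] [hostname "192.0.2.10"] [uri "/index.php"] [unique_id "AAC"]
[Mon Jan 01 10:00:04.000001 2024] [:error] [pid 1003] [client 198.51.100.7:40000] [client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 2). [file "/etc/modsec/rules.conf"] [line "30"] [id "942260"] [msg "constructed"] [hostname "example.test"] [uri "/wp-login.php"] [unique_id "AAD"]
[Mon Jan 01 10:00:05.000001 2024] [:error] [pid 1003] [client 203.0.113.5:50004] [client 203.0.113.5] ModSecurity: Warning. [file "/etc/modsec/rules.conf"] [line "40"] [id "999999"] [msg "constructed, not a denial"] [hostname "192.0.2.10"] [uri "/index.php"] [unique_id "AAE"]
EOF
}

# Read an error log on stdin; print "count id" for every rule that
# denied a request from client IP $1 (warnings are ignored).
denied_ids() {
    # Escape dots so the address is matched literally.
    pat=$(printf '%s' "$1" | sed 's/\./\\./g')
    grep 'ModSecurity: Access denied' \
      | grep -E "\[client ${pat}(:[0-9]+)?\]" \
      | sed -n 's/.*\[id "\([0-9][0-9]*\)"\].*/\1/p' \
      | sort -n | uniq -c | awk '{print $1, $2}'
}

# Build the SecRuleRemoveById line for client IP $1; prints nothing
# when no rule denied that client.
exception_line() {
    denied_ids "$1" \
      | awk '{ids = ids " " $2} END {if (NR) print "SecRuleRemoveById" ids}'
}

# Demo on the constructed sample; 203.0.113.5 stands in for the tester's IP.
sample_log | exception_line 203.0.113.5
```

On a live server, pipe the Apache error log listed under Messenger Logs into exception_line in place of sample_log, using the IP address you tested from.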

CloudLinux

CloudLinux users with CageFS enabled should disable CageFS for the csf user:

cagefsctl --disable csf

 
