CyberPanel CSF Firewall Configuration Issues - Need Help

Support and Discussion General Discussion
1

Hello CyberPanel Community!

I’m facing several serious issues while configuring CSF (ConfigServer Security & Firewall) in my CyberPanel environment and would appreciate your assistance.

Problem 1: CSF Web Interface Configuration Save Error

Every time I try to change and save settings through the CSF web interface, I encounter the following error:

json

{
  "error_message": "Data supplied is not accepted, following characters are not allowed in the input ` $ & ( ) [ ] { } ; : \u2018 < >.",
  "errorMessage": "Data supplied is not accepted, following characters are not allowed in the input ` $ & ( ) [ ] { } ; : \u2018 < >."
}

Question: What causes this error? Is there a way to make CSF configuration changes through the web interface?

Currently, I can only make configuration changes through the terminal.

Problem 2: HTACCESS_LOG Configuration Change Rationale

Initially, the CSF configuration had HTACCESS_LOG set as follows:

bash

HTACCESS_LOG = "/usr/local/lsws/logs/error.log"

However, since the 404 error-based automatic blocking feature (LF_APACHE_404) wasn’t working, I changed it to:

bash

HTACCESS_LOG = "/usr/local/lsws/logs/access.log"

Change Rationale:

  • error.log is a web server error log that records server internal processing errors and configuration issues
  • access.log is an HTTP request log that includes IP addresses, status codes (including 404), request URLs, etc.
  • The LF_APACHE_404 feature needs to detect 404 status codes, so HTTP request records are necessary
  • Therefore, access.log is the correct choice

Question: Is this change in the right direction? What is the correct log file path for the LF_APACHE_404 feature in CyberPanel + OpenLiteSpeed environment?

Problem 3: LF_APACHE_404 Feature Completely Non-functional

Despite configuring as follows, the 404 error-based automatic blocking is not working at all:

bash

LF_APACHE_404 = "60"
LF_INTERVAL = "3600"
HTACCESS_LOG = "/usr/local/lsws/logs/access.log"
TESTING = "0"

Confirmed Normal Status:

  • LFD service running normally (systemctl status lfd)
  • Log file being monitored normally (lsof -p $(pgrep lfd) | grep access.log)
  • OpenLiteSpeed log files added to csf.logfiles
  • Log format fully compatible with Apache standard

Test Results:

  • Intentionally generated 60+ 404 errors → No response
  • grep "lfd:" /etc/csf/csf.deny → No results
  • grep "PERMBLOCK" /var/log/lfd.log → No results

Questions:

  1. Are there any cases where the LF_APACHE_404 feature works normally in CyberPanel + OpenLiteSpeed environment?
  2. Could there be additional configuration or permission issues?
  3. Are other CyberPanel users experiencing the same problem?

Environment Information

  • CyberPanel Version: 2.4 (Build 2)
  • Current Commit: f745bb558db518123f0d37831ba0b58eb5bb0390
  • CSF Version: v14.24 (CyberPanel)
  • Web Server: OpenLiteSpeed
  • OS: Ubuntu/CentOS [version]
  • Timezone: Asia/Seoul (KST, +0900)

Requests

  1. CSF web interface error resolution method
  2. LF_APACHE_404 feature activation method
  3. Proper CSF configuration guide for CyberPanel environment
  4. Sharing similar experiences from other users

I would appreciate help from those who have experienced similar issues or know how to resolve them.

Thank you!