I have turned on Firewalld, CSF, and ModSecurity.
Now I am unable to access files using File Manager. I am getting a 403 error. I believe it is a Firewall rule issue. I am not well experienced please help.
Hello, have you added any custom port for access to the cyberpanel?
This problem only happens if you added a custom port and then installed csf.
The csf rules will not contain the custom port and then you get the error.
To open port:
Using the Command Line Interface
Steps to open port in CSF
-
Login to the server using the SSH.
-
Open the configuration file of the CSF as follows.
vi /etc/csf/csf.conf
or nano
- Add the required ports to the csf.conf file
# Allow incoming TCP ports
TCP_IN = “20,21,22,25,53,80,110,995,143,443,465,587,993,995,1025,7080,8090,40110:40210,{add-your-port-here}”
# Allow outgoing TCP ports
TCP_OUT = “20,21,22,25,26,37,43,53,80,110,113,443,465,873”
- Restart the CSF for the changes to take effect. Run the below command to restart the CSF.
csf -r
It is done!
Hi @pryce
thanks for the reply.
No,
It is a ModSecurity issue.
I turned off CSF and the issue was still there. So, I turned off ModSecurity and now it’s working fine.
Unfortunately, I have no idea how to create ModSecurity rule to solve this issue.
It is not common, I did the activation of csf + mod by the default panel and everything worked fine.
I only got the problem with the customized port as I mentioned above, all the rest worked well.
Let’s wait for some moderator to respond to see if there’s a more improved solution.
Have you downloaded and installed the mod’s default rule packs?
The way is this:
https://{your-ip-server}:8090/firewall/modSecRulesPacks
I believe that if you reactivate with steps 1 through 1, it might work well for you.
I tried your suggestions and got the following errors:
*WARNING* Unable to use FASTSTART as [/sbin/iptables-restore] is not executable or does not exist
*WARNING* Binary location for [IPTABLES_SAVE] [/sbin/iptables-save] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Binary location for [IPTABLES_RESTORE] [/sbin/iptables-restore] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Missing or incorrect binary locations will break csf and lfd functionality
I have downloaded the rules pack and installed. But it didn’t help.
What is the configuration of your VPS?
Looks like you have little memory to load the settings.
I think that might be the problem.
If it is not memory problem, it may be absence of the package:
try installing if it is centos…
yum install bind-utils -y
or if it’s ubuntu…
apt-get install dnsutils -y
I’ve solved these problems previously on another VPS following these steps. Try and see if it works for you.
Then don’t forget to restart.
It also checks to see if you haven’t changed something else from the file:
/etc/csf/csf.conf
Take a look at this: