Now Reading: CSF/LFD Messenger v3 with DirectAdmin and Apache

Loading
svg
Open

CSF/LFD Messenger v3 with DirectAdmin and Apache

February 9, 20242 min read

Version 1 of CSF/LFD Messenger will give an error: “ERR_SSL_VERSION_OR_CIPHER_MISMATCH”. Thus if you need it to work with HTTPS then it is the right time to switch to version 3.

Version 3 of the messenger supports SSL certificates. And it can display a message on the blocked IP address to inform the user that they are blocked in the firewall on HTTPS. And here's a guide on how to get it working on a DirectAdmin server.

CSF/LFD Messenger v3 with DirectAdmin and Apache

Open the “/etc/csf/csf.conf” file in the editor and change the following settings:

MESSENGER = "1"
MESSENGER_USER = "webapps"
MESSENGER_HTTPS_CONF = "/usr/local/directadmin/data/users/*/httpd.conf"
MESSENGER_HTTPS_IN = "443,2222"
MESSENGERV3 = "1"
MESSENGERV3GROUP = "access"

Restart CSF/LFD service.

The full list of related settings will be as follows:

MESSENGER = "1"
MESSENGER_TEMP = "1"
MESSENGER_PERM = "1"
MESSENGER_USER = "webapps"
MESSENGER_HTTPS_CONF = "/usr/local/directadmin/data/users/*/httpd.conf"
MESSENGER_HTTPS_KEY = "/etc/httpd/conf/ssl.key/server.key"
MESSENGER_HTTPS_CRT = "/etc/httpd/conf/ssl.crt/server.crt"
MESSENGER_HTTPS = "8887"
MESSENGER_HTTPS_IN = "443,2222"
MESSENGER_HTML = "8888"
MESSENGER_HTML_IN = "80"
MESSENGER_TEXT = "8889"
MESSENGER_TEXT_IN = "21"
MESSENGER_RATE = "100/s"
MESSENGER_BURST = "150"
MESSENGER_CHILDREN = "10"
MESSENGER_HTTPS_SKIPMAIL = "1"
MESSENGERV3 = "1"
MESSENGERV3LOCATION = "/etc/httpd/conf/extra/httpd-includes.conf"
MESSENGERV3RESTART = "service httpd restart"
MESSENGERV3TEST = "/usr/sbin/apachectl -t"
MESSENGERV3HTTPS_CONF = "/etc/httpd/conf/httpd.conf"
MESSENGERV3WEBSERVER = "apache"
MESSENGERV3PERMS = "711"
MESSENGERV3GROUP = "access"
MESSENGERV3PHPHANDLER = ""

See section 14 of the /etc/csf/readme.txt file for more information:

14. Messenger Service
#####################

This feature allows the display of a message to a blocked connecting IP address
to inform the user that they are blocked in the firewall. This can help when
users get themselves blocked, e.g. due to multiple login failures. The service
is provided by several daemons running on ports providing HTTPS, HTML or TEXT
message.

...

That’s it.

How do you vote?

0 People voted this article. 0 Upvotes - 0 Downvotes.
svg

What do you think?

Show comments / Leave a comment

Leave a reply

You may like
Loading
svg