CSF/LFD Messenger v3 with DirectAdmin and Apache


Version 1 of CSF/LFD Messenger gives the error “ERR_SSL_VERSION_OR_CIPHER_MISMATCH”. If you need it to work with HTTPS, it is the right time to switch to version 3.

Version 3 of the messenger supports SSL certificates, and it can display a message to a blocked IP address over HTTPS to inform the user that they are blocked in the firewall. Here is a guide on how to get it working on a DirectAdmin server.

CSF/LFD Messenger v3 with DirectAdmin and Apache

Open the “/etc/csf/csf.conf” file in an editor and change the following settings:

MESSENGER = "1"
MESSENGER_USER = "webapps"
MESSENGER_HTTPS_CONF = "/usr/local/directadmin/data/users/*/httpd.conf"
MESSENGER_HTTPS_IN = "443,2222"
MESSENGERV3 = "1"
MESSENGERV3GROUP = "access"

Restart the CSF/LFD service.
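One way to confirm that the six values above are actually set in the file is to check them mechanically. This is an added example, not part of the original guide or of CSF; the function names `csf_get`, `audit_messenger` and `sample_conf` and the sample file contents are constructed for illustration.

```shell
# Added example: audit a csf.conf for the six settings this guide changes.

# Keys and values as given in the guide (KEY=value, one per line).
EXPECTED='MESSENGER=1
MESSENGER_USER=webapps
MESSENGER_HTTPS_CONF=/usr/local/directadmin/data/users/*/httpd.conf
MESSENGER_HTTPS_IN=443,2222
MESSENGERV3=1
MESSENGERV3GROUP=access'

# Print the quoted value of KEY in a csf.conf-style file (KEY = "value").
# Commented-out lines do not match; if KEY repeats, the last one is printed.
csf_get() {  # usage: csf_get FILE KEY
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "$1" | tail -n 1
}

# Print one line per missing or differing key; return 1 if any were found.
audit_messenger() {  # usage: audit_messenger FILE
    rc=0
    while IFS='=' read -r key want; do
        if ! grep -q "^[[:space:]]*${key}[[:space:]]*=" "$1"; then
            echo "MISSING  $key (want \"$want\")"; rc=1; continue
        fi
        got=$(csf_get "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key = \"$got\" (want \"$want\")"; rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return "$rc"
}

# Constructed sample: MESSENGERV3 left at "0", MESSENGERV3GROUP commented out.
sample_conf() {
    cat <<'EOF'
MESSENGER = "1"
MESSENGER_USER = "webapps"
MESSENGER_HTTPS_CONF = "/usr/local/directadmin/data/users/*/httpd.conf"
MESSENGER_HTTPS_IN = "443,2222"
MESSENGERV3 = "0"
# MESSENGERV3GROUP = "access"
EOF
}

# With a path argument audit that file; otherwise audit the constructed sample.
if [ "$#" -gt 0 ]; then audit_messenger "$1"; else
    tmp=$(mktemp); sample_conf > "$tmp"; audit_messenger "$tmp" || true; rm -f "$tmp"
fi
```

Run it with `/etc/csf/csf.conf` as the argument; no output and exit status 0 mean all six settings match the guide.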

The full list of related settings will be as follows:

MESSENGER = "1"
MESSENGER_TEMP = "1"
MESSENGER_PERM = "1"
MESSENGER_USER = "webapps"
MESSENGER_HTTPS_CONF = "/usr/local/directadmin/data/users/*/httpd.conf"
MESSENGER_HTTPS_KEY = "/etc/httpd/conf/ssl.key/server.key"
MESSENGER_HTTPS_CRT = "/etc/httpd/conf/ssl.crt/server.crt"
MESSENGER_HTTPS = "8887"
MESSENGER_HTTPS_IN = "443,2222"
MESSENGER_HTML = "8888"
MESSENGER_HTML_IN = "80"
MESSENGER_TEXT = "8889"
MESSENGER_TEXT_IN = "21"
MESSENGER_RATE = "100/s"
MESSENGER_BURST = "150"
MESSENGER_CHILDREN = "10"
MESSENGER_HTTPS_SKIPMAIL = "1"
MESSENGERV3 = "1"
MESSENGERV3LOCATION = "/etc/httpd/conf/extra/httpd-includes.conf"
MESSENGERV3RESTART = "service httpd restart"
MESSENGERV3TEST = "/usr/sbin/apachectl -t"
MESSENGERV3HTTPS_CONF = "/etc/httpd/conf/httpd.conf"
MESSENGERV3WEBSERVER = "apache"
MESSENGERV3PERMS = "711"
MESSENGERV3GROUP = "access"
MESSENGERV3PHPHANDLER = ""

See section 14 of the /etc/csf/readme.txt file for more information:

14. Messenger Service
#####################

This feature allows the display of a message to a blocked connecting IP address
to inform the user that they are blocked in the firewall. This can help when
users get themselves blocked, e.g. due to multiple login failures. The service
is provided by several daemons running on ports providing HTTPS, HTML or TEXT
message.

...

That’s it.


By Ranjan