« previous next »
Pages: [1]

Author Topic: Release firewall by domain  (Read 968 times)

0 Members and 1 Guest are viewing this topic.

Offline
ericofreitas
*
Release firewall by domain
« on: January 31, 2024, 09:52:46 PM »
Hi!
I have a client and he use an app that make download every days of the .exe and use ftBinary in your app.
Every day is very slow and not finish download this exe but if I disable firewall the routine work fine.
I disable modsecurity, but fw i canīt disable fw too for all server.. Can I disable only this domain in fw? or i can do other solution? I canīt relase ipīs because my client will change yours clients constantly and all have only variable ip.
Thanks!
Logged
Offline
overseer
****
Re: Release firewall by domain
« Reply #1 on: January 31, 2024, 10:27:09 PM »
You can whitelist domains in CSF:
https://www.plothost.com/kb/whitelist-hostnames-csf/
If your client has a static IP, you can whitelist them by IP address.
Logged
Offline
ericofreitas
*
Re: Release firewall by domain
« Reply #2 on: January 31, 2024, 10:33:37 PM »
I tried to whitelist domain and got this error: Error: innovaresystem.com.br is not a valid IPv4 or IPv6 address!
Donīt have static ip all clientes
« Last Edit: January 31, 2024, 10:41:36 PM by ericofreitas »
Logged
Offline
Starburst
****
Re: Release firewall by domain
« Reply #3 on: January 31, 2024, 11:09:32 PM »
You can only whitelist IPv4 or IPv6 in CSF/LFD, not domain names.

Ask them for the IP they will be connecting from (hopefully static), and whitelist, and you should be good to go.
If they don't know, have them visit: https://whatismyipaddress.com/
Logged
Offline
ericofreitas
*
Re: Release firewall by domain
« Reply #4 on: February 01, 2024, 10:02:52 PM »
The problem is that they have many clients and all of them not have static ip and sometimes get new clients, sometimes lose others clients :/
Logged
Offline
Starburst
****
Re: Release firewall by domain
« Reply #5 on: February 02, 2024, 01:09:12 AM »
Then you will have to setup a VPN server for them to connect thru, and whitelist the IP from that server.

Or they will have to get a static IP from their ISP.
Logged
Offline
overseer
****
Re: Release firewall by domain
« Reply #6 on: February 02, 2024, 04:31:47 AM »
Or back to my link above, it references dynamic DNS. So each end client could run dynamic DNS update software (if their IPs are truly dynamic) and CSF can whitelist those dynamic DNS names. What is the scale we are referencing? 10 users? 100?
Logged
Offline
Starburst
****
Re: Release firewall by domain
« Reply #7 on: February 02, 2024, 06:23:52 AM »
Problem with whitelisting the IP's for say DynDNS. No-IP, etc. is opening the server up to attacks, since you can't control the access, and allot of script kiddies use those services as well.
Just like the TOR Exits.
Logged
Offline
ericofreitas
*
Re: Release firewall by domain
« Reply #8 on: February 02, 2024, 01:40:11 PM »
I was checking and it turns out that if he removes the binary type when downloading the exe it corrupts, so I asked him to try compressing the file, downloading it and then decompressing it to see if we can use it without being a binary transfer. If it works, I can leave the firewall active, but I won't have actually solved the problem.

Responding to an average of around 100 customers
Logged
Offline
Starburst
****
Re: Release firewall by domain
« Reply #9 on: February 02, 2024, 04:51:52 PM »
With 100 customers, that would defiantly justify setting up a VPN for them.

It's easy enough with AL 9 and OpenVPN.
Logged
Pages: [1]
« previous next »