Edit default IP block page in csf + cPanel

CSF is a popular software firewall for cPanel servers. More information can be found on the author's website: http://www.ConfigServer.com. We have worked with the authors, Way to the Web Ltd., for many years; their products and services are fantastic.

The default page is taken from the location:


Make sure that you enable the messenger service in /etc/csf/csf.conf

Reference : http://configserver.com/free/csf/readme.txt

You can customize the page to suit your hosting provider.

That's it!

See sourced post from Tweak the Server

Here is some parsed info on the above by way of the readme.txt file:

14. Messenger Service

This feature allows the display of a message to a blocked connecting IP address
to inform the user that they are blocked in the firewall. This can help when
users get themselves blocked, e.g. due to multiple login failures. The service
is provided by two daemons running on ports providing either an HTML or TEXT

This service uses the iptables nat table and the associated PREROUTING chain.
The ipt_REDIRECT module is used to redirect the incoming port to the relevant
messenger service server port.

Temporary and/or permanent (csf.deny) IP addresses can be serviced by this

It does NOT include redirection of any GLOBAL or BLOCK deny lists.

It does require the IO::Socket::INET perl module.

It does NOT work on servers that do not have the iptables module ipt_REDIRECT
loaded. Typically, this will be with Monolithic kernels. VPS server admins
should check with their VPS host provider that the iptables module is included.

If you change any of the files in /etc/csf/messenger/ you must restart lfd as
they are all cached in memory.

HTML Messenger Server

The HTML message that is displayed is provided by the file:


The HTML server providing this page is very rudimentary but will accept the use
of linked images that are stored in the /etc/csf/messenger/ directory. The
images must be of either jpg, gif or png format. These images are loaded into
memory so you should keep the number and size to a minimum. No other linked
resource files are supported (e.g. .css, .js).

As the HTML server requires interaction with the client, there is a timer on
the connection to prevent port hogging.

The server has a built-in function that will replace the text [IPADDRESS] in
index.html with the IP address that is blocked by the firewall. This will help
the blocked user know what their blocked IP address is. You can also use the
text [HOSTNAME] which will be replaced by the server's FQDN hostname.

The HTML server does not support SSL connections, so redirecting port 443 will
not work.

The HTML server port should not be added to the TCP_IN list.

There is a maximum of 15 ports allowed in MESSENGER_HTML_IN.
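
A check for the constraints listed in the readme excerpt above, to run on a customized page and config before restarting lfd. This is an added example, not code from ConfigServer or the original post. It assumes the csf.conf keys MESSENGER (the enable switch) and MESSENGER_HTML (the HTML server's own port) alongside the MESSENGER_HTML_IN and TCP_IN settings named above; the sample inputs are constructed.

```python
import re

ALLOWED_IMG = {"jpg", "gif", "png"}   # image formats the readme lists
MAX_HTML_IN = 15                      # port limit for MESSENGER_HTML_IN

# Constructed sample inputs (not taken from a real server).
SAMPLE_CONF = '''
# csf.conf excerpt
TCP_IN = "20,21,22,80,443,8888"
MESSENGER = "1"
MESSENGER_HTML = "8888"
MESSENGER_HTML_IN = "80,443,2082"
'''
SAMPLE_HTML = '''<html><body><img src="logo.png"><link href="site.css" rel="stylesheet">
<p>Your IP [IPADDRESS] is blocked on [HOSTNAME].</p><script src="a.js"></script></body></html>'''

def parse_conf(text):
    """Parse KEY = "value" lines from csf.conf-style text; comment lines do not match."""
    return dict(re.findall(r'^\s*([A-Z0-9_]+)\s*=\s*"([^"]*)"', text, re.M))

def ports(value):
    """Split a comma-separated port list into (low, high) pairs; 'a:b' is a range."""
    out = []
    for item in filter(None, (p.strip() for p in value.split(","))):
        lo, _, hi = item.partition(":")
        out.append((int(lo), int(hi or lo)))
    return out

def check_messenger(conf_text, html_text):
    """Return a list of problems found in the config and the index.html text."""
    conf, issues = parse_conf(conf_text), []
    if conf.get("MESSENGER") != "1":
        issues.append("MESSENGER is not enabled")
    html_in = ports(conf.get("MESSENGER_HTML_IN", ""))
    if len(html_in) > MAX_HTML_IN:
        issues.append(f"MESSENGER_HTML_IN has {len(html_in)} entries (max {MAX_HTML_IN})")
    if any(lo <= 443 <= hi for lo, hi in html_in):
        issues.append("MESSENGER_HTML_IN redirects 443, but the HTML server has no SSL")
    srv = conf.get("MESSENGER_HTML", "")
    if srv.isdigit() and any(lo <= int(srv) <= hi for lo, hi in ports(conf.get("TCP_IN", ""))):
        issues.append(f"HTML server port {srv} is listed in TCP_IN")
    # Only jpg/gif/png images are served; .css, .js and other resources are not.
    tag_re = r'<(img|script|link)\b[^>]*?\b(?:src|href)\s*=\s*["\']([^"\']+)["\']'
    for tag, ref in re.findall(tag_re, html_text, re.I):
        if tag.lower() != "img" or ref.rsplit(".", 1)[-1].lower() not in ALLOWED_IMG:
            issues.append(f"unsupported linked resource: {ref}")
    return issues
```

On a server, pass the contents of /etc/csf/csf.conf and of the customized page to `check_messenger` and fix every reported item before restarting lfd.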

