lfd blocked too many connections

keat63

In my logs I'm seeing:
Subject: lfd on my.server.co.uk: xx.xxx.xx.xxx (GB/United Kingdom/xx.xxx.xx.xxx.dsl.in-addr.zen.co.uk) blocked with too many connections

I know exactly what this is, it's a database sync between our internal server and web server.
My IP is whitelisted in CSF.
Any ideas what I might need to do in CSF to fix this?
 

ejsolutions

Read the CSF readme carefully.
Whitelisting doesn't exempt an IP from being blocked; only ignore does that, and that's inadvisable for anything other than your own client IP(s).
Raise the number of acceptable connections in CSF (PS_LIMIT) from the default, by the minimum amount needed to stop the blocks. Also, ensure that your zen.co.uk server isn't sending out unnecessary port scans, which will be the root of your problem. (This will limit port scan detection effectiveness.)
Note: If your web server sends out multiple database port connections (not just 3306, the default port) per web query, then you may be forced to add that IP to the ignore list. This will in effect open a backdoor with regard to CSF, and a compromised webserver may propagate to the database server.
 

quietFinn

> In my logs I'm seeing:
> Subject: lfd on my.server.co.uk: xx.xxx.xx.xxx (GB/United Kingdom/xx.xxx.xx.xxx.dsl.in-addr.zen.co.uk) blocked with too many connections
>
> I know exactly what this is, it's a database sync between our internal server and web server.
> My IP is whitelisted in CSF.
> Any ideas what I might need to do in CSF to fix this?

Add your IP to the /etc/csf/csf.ignore file and restart csf/lfd.
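
The distinction the replies draw between the allow list and the ignore list can be checked mechanically. The following is an added example, not code from any poster or from CSF itself: it parses an alert subject in the format quoted above and reports whether the blocked address is listed in csf.allow but missing from csf.ignore. The IP address and both file contents are constructed samples, and only plain IP/CIDR entries are handled.

```python
import ipaddress
import re

# Subject format as quoted in the thread; the address is a constructed
# documentation IP (RFC 5737), not the poster's.
SUBJECT = ("lfd on my.server.co.uk: 203.0.113.25 (GB/United Kingdom/host.example) "
           "blocked with too many connections")
# Constructed file contents: the sync source is allowed but not ignored.
CSF_ALLOW = "# internal sync host\n203.0.113.25 # db sync\n"
CSF_IGNORE = "127.0.0.1\n198.51.100.0/24\n"

SUBJECT_RE = re.compile(
    r"^lfd on (?P<host>\S+): (?P<ip>\S+) \(.*\) blocked with (?P<reason>.+)$")

def parse_subject(subject):
    """Return (server, ip, reason) from an lfd alert subject, or None."""
    m = SUBJECT_RE.match(subject.strip())
    if not m:
        return None
    try:
        return m["host"], ipaddress.ip_address(m["ip"]), m["reason"]
    except ValueError:  # masked or malformed address
        return None

def load_networks(text):
    """Parse plain IP/CIDR entries; skip comments, blanks and other entry types."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # e.g. Include lines or advanced filters, not handled here
    return nets

def diagnose(subject, allow_text, ignore_text):
    """Classify the blocked IP against the two lists (ignore checked first)."""
    parsed = parse_subject(subject)
    if parsed is None:
        return "unrecognised subject"
    ip = parsed[1]
    if any(ip in net for net in load_networks(ignore_text)):
        return "ignored"
    if any(ip in net for net in load_networks(allow_text)):
        return "allowed-but-not-ignored"
    return "unlisted"
```

A result of `allowed-but-not-ignored` matches the situation in the original question: the address is whitelisted, yet lfd can still block it.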