Why cPFence May Not Block Certain Connections

cPFence is designed to intelligently handle incoming traffic and block malicious or abusive behavior. However, in specific scenarios, certain connections may not be blocked automatically. This article explains these cases and provides steps to manage such situations effectively.

When Does cPFence Not Block Connections?

  1. Fewer Than 100 Concurrent Connections:

    If the number of concurrent requests from a user is fewer than 100, cPFence does not treat them as abusive and will not block them automatically.

  2. Connections Proxied Behind Cloudflare:

    All Cloudflare IPs are whitelisted by default in cPFence. This means requests passing through Cloudflare will not be blocked unless explicitly managed.

  3. Short "Hit-and-Run" Connections:

    Short-lived connections that do not persist or consume significant server resources are not considered abusive and will not trigger cPFence’s blocking mechanisms.
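
To see which of these cases applies to traffic you are observing, the following added example (not cPFence code, and not a description of how cPFence counts internally) groups established TCP connections by peer address. It assumes rows in `ss -Htn state established` format; the function names, the sample rows and the Cloudflare range subset are chosen for illustration.

```python
import ipaddress
import sys
from collections import Counter

THRESHOLD = 100  # concurrency figure quoted in this article

# Subset of Cloudflare's published IPv4 ranges; refresh from cloudflare.com/ips-v4.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13", "172.64.0.0/13")]

def peer_ip(line):
    """Peer address from one `ss -Htn state established` row, else None."""
    fields = line.split()
    host = fields[3].rsplit(":", 1)[0].strip("[]") if len(fields) > 3 else ""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None
    # Dual-stack listeners show IPv4 peers as ::ffff:a.b.c.d; fold to one key.
    return getattr(ip, "ipv4_mapped", None) or ip

def classify(ss_lines):
    """Map peer IP -> (concurrent connections, which case above applies)."""
    counts = Counter(ip for ip in map(peer_ip, ss_lines) if ip is not None)
    report = {}
    for ip, n in counts.items():
        if any(ip in net for net in CLOUDFLARE_NETS):
            verdict = "cloudflare-whitelisted"  # case 2: peer is a Cloudflare edge
        elif n >= THRESHOLD:
            verdict = "at-or-above-threshold"
        else:
            verdict = "below-threshold"         # case 1
        report[str(ip)] = (n, verdict)
    return report

def sample():
    """Constructed rows in `ss -Htn state established` format (not real traffic)."""
    row = "0 0 192.0.2.10:443 {}:{}"
    lines = [row.format("203.0.113.5", 40000 + i) for i in range(120)]
    lines += [row.format("198.51.100.7", 41000 + i) for i in range(12)]
    lines += [row.format("[::ffff:198.51.100.7]", 43000 + i) for i in range(3)]
    lines += [row.format("104.16.0.10", 42000 + i) for i in range(300)]
    return lines

if __name__ == "__main__":
    # Use piped `ss` output when present, otherwise the constructed sample.
    rows = sample() if sys.stdin.isatty() else sys.stdin
    for ip, (n, verdict) in sorted(classify(rows).items()):
        print(f"{ip:>15} {n:5d}  {verdict}")
```

Live data can be piped in from `ss -Htn state established`. A single snapshot will mostly miss the short hit-and-run connections from case 3, so repeat it over time before drawing conclusions.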

How to Address These Scenarios

To manage and mitigate the impact of such connections, you can take the following steps:

  1. Limit User Resources:

    Restrict the resources available to the user to prevent them from overloading the server. To effectively manage server load, it’s crucial to set CPU and RAM limits directly within the Enhance control panel. We suggest starting with limits like 0.4 CPU and 500 MB of memory for high-usage users and adjusting based on observed behavior. Avoid allocating too many resources to potentially abusive accounts; for instance, assigning 2 vCPUs can often lead to resource abuse.

  2. Use cPFence Owl to Blacklist Users:

    Add the user to the Owl blacklist to restrict their access and prevent excessive server resource consumption. For detailed instructions, refer to our guide:

    Managing Slow Queries and Scripts Using cPFence Owl

Final Notes

While cPFence offers robust automatic protection against abusive and malicious behavior, certain scenarios require manual intervention to blacklist abusive users using the Owl module. Once configured, this becomes a "set it and forget it" process, with Owl continuously monitoring user behavior, preventing overload, and ensuring optimal server performance.


Need Further Assistance?

If you have any questions or need help, please contact our support team via the client portal.
