Prior to today, customers on our GSS system who were using APF as their software firewall had to spend time working out why an IP address was blocked by our global security service.
Is the IP active in their iptables firewall? Is it in APF's deny_hosts.rules file? If not, they had to go and check another log file to see whether it was listed there.
It was time-consuming, and for IP addresses blocked by our GSS system, customers had to manually remove the IP if the block was a false positive.
Now, customers using APF just have to check their deny_hosts.rules file to see whether our GSS system blocked an IP and for which rule.
For example, on one of our client servers, the deny_hosts.rules file shows the following (in part):
# added 220.127.116.11 on 12/02/11 04:35:00 with comment: gss block for rule id 9952
# added 18.104.22.168 on 12/02/11 07:48:36 with comment: gss block for rule id 5720
Now, if a customer using APF determines the IP block was a false positive, they can use APF directly to remove the false positive.
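As an added example (not part of the original post and not GSS or APF tooling), the shell functions below pick the GSS entries out of a deny_hosts.rules file using the comment format shown above and count blocks per rule id. The function names, the sample entries beyond the two quoted lines, and the bare address line under each comment are assumptions.

```shell
#!/bin/sh
# Added example: report the blocks GSS wrote into an APF deny_hosts.rules file.
# Assumes the comment format shown in the post:
#   # added <ip> on <date> <time> with comment: gss block for rule id <id>

# gss_blocks FILE [IP]: print "ip date time rule_id" per GSS entry,
# optionally restricted to one address.
gss_blocks() {
    awk -v want="${2:-}" '
        /^# added / && /with comment: gss block for rule id [0-9]+[ \t\r]*$/ {
            ip = $3; day = $5; clock = $6; rule = $NF
            sub(/\r$/, "", rule)            # tolerate CRLF line endings
            if (want == "" || want == ip)
                print ip, day, clock, rule
        }' "$1"
}

# gss_rule_counts FILE: print "rule_id count", busiest rule first, to show
# which rule is behind most blocks when reviewing false positives.
gss_rule_counts() {
    gss_blocks "$1" |
        awk '{ n[$4]++ } END { for (r in n) print r, n[r] }' |
        sort -k2,2nr -k1,1n
}

# make_sample FILE: write a constructed deny_hosts.rules excerpt. The first two
# comment lines are the ones quoted in the post; the other entries, and the
# bare address line under each comment, are made up for the demo.
make_sample() {
    cat > "$1" <<'EOF'
# added 220.127.116.11 on 12/02/11 04:35:00 with comment: gss block for rule id 9952
220.127.116.11
# added 18.104.22.168 on 12/02/11 07:48:36 with comment: gss block for rule id 5720
18.104.22.168
# added 192.0.2.15 on 12/02/11 09:10:11 with comment: manual block by admin
192.0.2.15
# added 198.51.100.7 on 12/02/11 11:02:40 with comment: gss block for rule id 9952
198.51.100.7
EOF
}

# Demo on the constructed sample; on a server, pass the real file path instead.
sample=$(mktemp)
make_sample "$sample"
gss_blocks "$sample"
gss_rule_counts "$sample"
rm -f "$sample"
```

Calling `gss_blocks` with an address as the second argument answers the question of whether GSS blocked that IP and under which rule; an empty result means the block came from somewhere else.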
For those not familiar with our global security service, the above IP addresses are blocked for a period of time, with repeat offenders being blocked for progressively longer periods.
Please contact us if you have any questions.