APF and CSF Global Trust Service

The Advanced Policy Firewall (APF for short) and ConfigServer Security and Firewall (CSF for short) are two of the most popular software firewalls on the Internet as used by hosting providers as well as those who have virtual private servers (vps – also known as virtual machines or nodes), dedicated, and co-located servers.

APF and CSF have an advanced feature which is a global trust system that allows the party installing and maintaining APF or CSF to point to an external provider for global allow and global deny rules which can extend the protection offered by APF and CSF on the machine.

In our case, we use this feature to pass on benefits to our Managed Security customers from the work we do for our Security Monitoring service customers as well as our Global Security Service customers.

When we review the various security reports as part of the security monitoring service, and see what is being blocked by GSS, we make determinations to update the APF and CSF global deny rules to expand the level of protection.

Through that work as outsourced security specialists for servers located around the the world, we gain incredibly valuable information about hotbeds of malicious activity, IP Addresses, and IP ranges, often times weeks or months before our client’s servers are at risk.

When we harden a server, we install APF or CSF as the software firewall of choice. If you’ve already installed APF or CSF, as part of your own security plan however, we can still provide an incredibly valuable protection or you and your clients through our APF and CSF Global Trust Service.

Every single day, APF and CSF pulls glob_allow.rules (which does not change often, but is reviewed for changes in Parallels support IP addresses) and glob_deny.rules from one of our main servers.

We provide this service freely to customers currently receiving one to many of our security services such as GSS, Security Monitoring, or Security Patching.

Customers who just want access to the APF and CSF global deny file (and none of our other services) can do so for a small monthly per node fee.

Please contact us for more information.

Related news and blog articles: