The cPFence Central Dashboard is Here – One Panel. Full Power.: Page 4 - Enhance Control Panel

The cPFence Central Dashboard is Here – One Panel. Full Power.

dalet11

The moment you support Nginx WAF rules is the moment we will migrate to cPFence 🙂

cPFence

You’re very welcome, glad you found it useful. And yes, Ansible is definitely a great tool to have in your stack.

Thanks for the feedback. The new version is highly optimized for smaller VMs, it’s great to hear it’s working well on your end.

dalet11

Thanks, NGINX and Apache WAF support is on the way. Stay tuned!

cPFence

Fixed

Resolved an issue where restoring quarantined files via the WebUI was failing on some servers.

Improved

Enhanced WAF compatibility with the Breakdance Builder for smoother site operation.
Updated the Server Status tool to detect and display disk info correctly on systems using SSD/HDD with MD arrays.

cPFence

Added

Slack notifications integration:
cPFence now supports real-time Slack alerts — perfect for receiving critical notifications on your mobile or desktop.

Notifications include:
- Malware Found
- Full / Smart / Custom Scans Completed
- Rootkit Detected
- WordPress Vulnerabilities Found
- Malicious Entry Found in Database Scan
- Root Login Detected
- IP Reputation Blacklist Detected
- WordPress Integrity Issues Detected
- Watchdog: Server Services Down
- Website Up/Down or Keyword Monitoring Alerts
- High CPU / RAM / Disk / Inode Usage
- cPFence Software Updated
- WordPress Backup Completed
  
  To enable: Go to System Settings → Slack Notifications in your WebUI

Improved

Scan results (Full / Smart / Custom) now automatically notify you via email and Slack (if enabled)
Major enhancements in the WAF module including new detection for web shells, fish shell files, and XSS payloads
Improved several WAF rules to enhance compatibility with upcoming Nginx support, including dedicated Nginx test support
Configuration variable OLS_WAF has been deprecated and replaced by CPF_WAF
Commands --enable-ols-waf and --disable-ols-waf are now replaced with --enable-cpf-waf and --disable-cpf-waf

Fixed

Several minor bug fixes reported by users have been resolved.

btraill

cPFence Thank you kindly for the Slack notifications.

rdbf

cPFence

Really liking the Slack notifications.

Is it possible to disable email notifications when the Slack notifications are enabled and working?

cPFence

btraill Thank you kindly for the Slack notifications.

You're very welcome , happy to hear it's been helpful.

cPFence

Version 3.3.59 (4th June 2025)

Added

New daily settings backup feature:
cPFence now backs up your settings automatically every day and retains the last 30 backups with automatic cleanup. Backups are now stored in /var/cpf_backups instead of the /tmp directory.
Restore a specific backup file:
You can now restore any specific settings backup manually using:
cpfence --restore-cpf-settings <backup-file-name>
Example:
cpfence --restore-cpf-settings cpfence_backup_20250603231650.tar.gz

Improved

Slack notifications now apply setting changes instantly without requiring a restart
Improved support for sending long Slack messages without issues
The cPFence update process now automatically runs a pre-update settings backup and uses it if the built-in backup step fails

Fixed

Minor warning logs in LogSpot module resolved
Slack notification for root login is now correctly triggered
Fixed an issue with restoring cPFence settings via the WebUI

kevinhol

Hugely impressed with CPFence. The product is very well though-through and super useful. Support has been lightning-fast and very helpful. These guys are delivering a lot for very little money.

cPFence

kevinhol

We're thrilled to hear you're enjoying the software. Really appreciate the feedback, it means a lot.

rdbf

Glad you liked it. To stop the emails, just leave the email field empty.

deydod

Hi cPFence
I've enabled it using cpfence --enable-cpf-waf however Apache won't start. Anything else that should be done?
Getting:
Jun 13 00:22:23 s01.xxxxxx.com apachectl[3682542]: AH00526: Syntax error on line 45 of /etc/cpfwaf/owasp-modsecurity-crs/rules/REQUEST-922-MULTIPART-ATTACK.conf:
Jun 13 00:22:23 s01.xxxxxx.com apachectl[3682542]: Error creating rule: Unknown variable: &MULTIPART_PART_HEADERS
Jun 13 00:22:23 s01.xxxxxx.com apachectl[3682538]: Action 'start' failed.
Jun 13 00:22:23 s01.xxxxxx.com apachectl[3682538]: The Apache error log may have more information

cPFence

deydod

You're probably running an older version of ModSecurity on your Ubuntu 22 box? Drop us a ticket and we'll get you sorted out quickly.

rdbf

cPFence If you're using Apache or Nginx with Enhance, this one's for you.

It is! Much appreciated. If some changes to the Nginx implementation are made by Enhance, the combination would be even better.

cPFence

rdbf

You are most welcome, glad you found it useful.

cPFence

**[Version 3.3.64 (15th June 2025)]

Added

MonitorPro Module now supports all subdomains and add-on domains across your cluster
Full visibility for all types of domains is now available.
ApiMachine Module now supports all subdomains and add-on domains across your cluster
You can now apply bulk tools on all domains—primary or secondary.

Improved

Database scanning will now auto-retry on failure. This should resolve any previous errors users encountered during scans
Server status tool now includes total domains and containers count for better overview

Fixed

Staging sites are now properly excluded from MonitorPro to avoid false alerts

rdbf

cPFence

I have a few questions to better understand cPFence and Enhance, perhaps you can easily answer them.

Is it possible that the WAF is somehow more strict or more responsive on Nginx compared to OLS? There seem to be a lot of false positives on a Nginx server when doing Elementor/Divi design stuff, specifically performing saves, requiring a bunch of repetitive whitelisting.
Is it possible that some features of cPFence (like the security headers?) are blocking any Nginx additional response headers to be set with add_header directives? Otherwise it could be the custom Enhance Nginx package that's doing weird stuff.

webdig

I would like to report an unusual situation I recently observed while using CPfence's email filtering system. An email appearing to be sent from Noreply@omeudominio.pt was automatically accepted because the domain omeudominio.pt is listed in the domain whitelist configured in CPfence.

However, after inspecting the message headers, I noticed that SPF authentication clearly failed:
X-Spamd-Result: default: False [1.00 / 12.00];
R_SPF_FAIL(1.00)[-all];

The source IP address (172.245.23.175) is not authorized in the SPF record for the domain omeudominio.pt, indicating that the email was sent from an unauthorized server. Despite this, the message was accepted without penalty, seemingly because the domain was whitelisted—even though authentication failed.

This behavior represents a significant security risk, as it allows attackers to spoof the sender address of a whitelisted domain and bypass spam and reputation filters simply by using a legitimate-looking "From" address.

Best Regards
Joao Costa

cPFence

webdig

Thanks for your feedback. This is expected, whitelisting a domain will override the rest of the filters. If we require authentication (like SPF/DKIM) for whitelisted domains, it would block spoofed messages, but then legitimate emails could still get flagged if their authentication isn’t set up properly. That’s not what most people expect from a whitelist, so there’s a trade-off.
You should only use the domain whitelist feature if messages from that domain are being wrongly flagged as spam. If you’re seeing spoofed messages get through, you might want to use IP whitelisting instead.

webdig

cPFence Thanks for your reply and for explaining how the domain whitelist currently works.

I understand that your approach aims to avoid false positives in cases where legitimate domains may not yet have SPF or DKIM properly configured. However, I believe that the lack of any additional verification on domain whitelisting presents a significant security risk — especially because spoofed messages can completely bypass all filters simply by matching a whitelisted domain.

With that in mind, I would like to suggest the following improvement for future consideration:

It would be extremely useful to have a configurable option that applies domain whitelisting only if the message passes SPF or DKIM validation.
This option could be disabled by default, but available to advanced users or security-sensitive environments.

In practice, this would help promote the adoption of best practices such as SPF, DKIM and DMARC, while also preventing the whitelist from being used to circumvent spam and reputation filters — something that is currently possible.

Rather than blocking legitimate emails, the goal would be to give administrators the freedom to choose the desired level of trust for whitelisted domains in their environment.

Thank you once again for your attention, and congratulations on the excellent work you're doing with CPfence.

cPFence

webdig

The next version will require either SPF or DKIM to pass, even for whitelisted domains. Cheers.

Steamon

cPFence

What would happen with e-mails to self from a webshop? Enhance does not send a dkim with internal mail traffic if I am using spamexperts a external dkim.

Lately I needed to whitelist some domains / mailboxes to let webshop orders get into the mailbox otherwise they land into spam.

I have not found the main cause yet but I hope it does not return with this.

webdig

cPFence

I would like to sincerely thank you for your quick response to my feedback and, above all, for your swift implementation of the new feature that allows domain whitelisting to be applied only when SPF or DKIM authentication is successful.

This improvement represents a very important step in strengthening CPfence's email security, striking an effective balance between flexibility and protection against spoofing. It’s reassuring to see that your team is open to suggestions and committed to the continuous development of the platform.

Once again, thank you for the excellent work.

Best regards,

cPFence

Steamon

The new version's whitelist rule will trigger if either SPF or DKIM passes. So, if the webshop's email is coming from a server listed in your domain’s SPF record, the whitelist will still work even without a DKIM signature. If both checks fail, the message is scanned normally and might be flagged. To avoid that, add the webshop server’s IP to your SPF record or set up an IP-based whitelist for it. Does that make sense?

« Previous Page Next Page »