- getBannedIPs: append AutoBanLog rows (latest per IP) not already in DB/JSON
- Skip expired timed bans; tag rows with ban_source autoBanSecurityAlerts
- removeBannedIP/deleteBannedIP: handle synthetic id ablog-<pk> via unban by IP
Integrates webmail and emailDelivery apps, mail-server and install/upgrade
paths, cyberpanel_ols 2.7.0-style binaries, and v2.4.5 UI patterns while
preserving v2.5.5-dev behavior (SnappyMail/PUBLIC_ROOT, childPath in
launchChild, hardened downloads and SSH activity modal).
- dockerManager: add 0001_initial migration (CREATE TABLE IF NOT EXISTS), migrate-and-retry on DB errors, safe error response, fix logging.CyberCPLogFileWriter.writeToFile
- dockerManager/views: listContainersPage fallback HTML with error message if template fails
- dockerManager/viewContainer: improve container log readability (font-size 1rem, color #f1f5f9, line-height 1.6)
- baseTemplate: blockIPAddress also adds ban to firewall BannedIP model so Firewall > Banned IPs shows all
- firewall: getBannedIPs migrate-and-retry on OperationalError/ProgrammingError; install runs migrate firewall
- plogical/upgrade: syncBannedIPsJsonToDb() to sync JSON bans to firewall_bannedips; firewallMigrations() calls it; CyberPanelUpgrade runs firewallMigrations(); someDirectories creates /usr/local/CyberCP/data
- install: explicit migrate firewall after global migrate
- firewallUtilities: add closeConnectionsFromIP() using conntrack -D -s IP
- addBannedIP: when IP already banned, close connections and return success message
- Frontend: always call API on Ban IP so backend can close connections; show server message
- Install: add conntrack-tools (RHEL) / conntrack (Debian/Ubuntu) to all install paths
(rhel_deps, debian_deps, install_modules/01_verify_deps, install.py, venvsetup)
- Search input: add firewall-search-input class, blue focus instead of red (avoids read-only/error look)
- Search button: use btn-search with round futuristic style (match Ban IP/Overview)
- Actions column: center Modify/Unban/Delete in Firewall Rules and Banned IPs tables
- system-status.js: increment() uses document.querySelectorAll (no jQuery), fixes $ is not defined
- upgrade_modules/09_sync.sh: sync firewall static to public/static during upgrade
- to-do/FIREWALL-LOAD-CHANGES.md: doc on file locations and deploy steps
Remove duplicate click/mousedown listeners on firewall tab nav that conflicted
with Angular ng-click. Let ng-click handle all tab clicks; keep only hashchange
sync for back/forward navigation.
- Add searchBannedIPFilter for searching banned IPs by IP, reason, or status
- Add openModifyModal, closeModifyModal, saveModifyBannedIP for modify modal
- Add exportBannedIPs and importBannedIPs for export/import buttons
- Wrap localStorage in try-catch in base template to handle Tracking Prevention
(Firefox/Safari blocking storage access for cross-site context)
- Fixes firewall banned IPs page search and functionality
- plogical/firewallUtilities: fix inverted success/failure (result==1 = success); write blocked_ips.log under CyberCP/data for cyberpanel write access
- plogical/processUtilities: when root, use normalExecutioner return value so executioner reflects actual command success/failure
- firewall/firewallManager: addBannedIP uses FirewallUtilities.blockIP; ACL and all errors return JSON with error_message/error; rollback store if block fails
- baseTemplate/views: blockIPAddress uses FirewallUtilities.blockIP instead of subprocess
- baseTemplate/homePage: inline Ban IP calls /firewall/addBannedIP with ip/reason/duration; show server error in notifications
- baseTemplate/system-status.js: handle string response and show server error_message in success and error callbacks
Only files that match current live server; excludes settings.py (deployment-specific), pluginHolder/pluginInstaller (repo ahead), install/cyberpanel scripts (diff), and deleted static files (still on server).
- Add modifyRule function to allow editing firewall rules without deletion
- Add modify button and modal for firewall rules (similar to banned IPs)
- Fix exportRules function to properly handle file downloads with blob response
- Improve importRules function with better error handling and PNotify notifications
- Add exportBannedIPs and importBannedIPs functionality
- Add export/import buttons for banned IPs
- Improve error handling and user feedback for all export/import operations
- Add proper validation and duplicate detection for imports
- Remove readonly attribute from IP address field in modify modal
- Make IP address field editable when modal opens
- Update modifyBannedIP function to include IP address in save request
- Remove conflicting onclick handler that was blocking ng-click
- Update help text to reflect that IP address can be changed
- Add IP address validation in modifyBannedIP function
- Added a new fixed position banner in the index.html to announce .htaccess support, including styling and functionality for showing and dismissing the notification.
- Enhanced file manager to support extraction of 7z and rar file formats, with appropriate command handling in filemanager.py.
- Updated JavaScript files to determine extraction types based on file extensions, ensuring compatibility with new formats.
- Modified HTML templates to include options for 7z and rar compression types in the user interface.
https://github.com/usmannasir/cyberpanel/issues/1617#issue-3727006951
These changes improve user experience by providing clear notifications and expanding file management capabilities within CyberPanel.
1. Move flag reset outside conditional blocks - flags now always reset
even if ModSecurity is not installed or AJAX fails
2. Reset flags in error handler (cantLoadInitialDatas) as well
3. Add showLoader parameter to getOWASPAndComodoStatus - loader only
shows when explicitly requested, not during initial status check
This fixes:
- Toggle not responding to clicks (flags were stuck as true)
- Spinner showing on initial page load (now only shows during install)
Fixes issues where toggle became unresponsive and triggered recursive calls:
1. Add flags (updatingOWASPStatus, updatingComodoStatus) to prevent change
event handlers from triggering when status check updates toggle state
2. Guard change event handlers to return early when flags are set
3. IMPORTANT: Still increment counters when returning early to maintain
correct counter state for subsequent user clicks
4. Set flags before updating toggle via prop('checked'), reset after 100ms
5. Use timeout delays (500ms) before status checks after install/uninstall
to allow operations to complete and prevent race conditions
This ensures:
- Toggle responds correctly to user clicks on first click
- Status updates don't trigger unwanted installations
- Counter state is maintained even when skipping automatic updates
- No recursive loops when updating toggle state
This commit resolves issues where the OWASP CRS toggle in ModSecurity settings
would appear to flip back to OFF even when installation succeeded, and improves
detection of manually installed OWASP CRS rules.
Issues Fixed:
1. Toggle not updating immediately after installation/uninstallation
2. Manual OWASP installations to rules.conf not detected by toggle
3. Silent installation failures without detailed error logging
Changes:
firewall/static/firewall/firewall.js:
- Update toggle state immediately after successful installation (getOWASPAndComodoStatus(true))
- Update toggle state after failed installation to show correct OFF state
- Provides instant visual feedback instead of requiring page refresh
firewall/firewallManager.py (getOWASPAndComodoStatus):
- Expand detection logic to check both httpd_config.conf AND rules.conf
- Detect manual OWASP installations (Include/modsecurity_rules_file with owasp/crs-setup)
- Case-insensitive pattern matching for better compatibility
plogical/modSec.py (setupOWASPRules):
- Add specific error logging for each installation step failure
- Log detailed messages: directory creation, download, extraction, configuration
- Helps diagnose: network issues, missing tools (wget/unzip), permission problems
Impact:
- Toggle correctly reflects OWASP CRS state after enable/disable operations
- Manual installations following external tutorials now detected correctly
- Installation failures are logged with specific error messages for debugging
- Improves UX by eliminating perception that "toggle keeps flipping back"
Fixes: OWASP CRS toggle UI bug
Related: Community thread https://community.cyberpanel.net/t/4-mod-security-rules-packages/133/8
Related: Ticket #GTPDPO7EV
- Added a static method to ensure ImunifyAV assets are created and permissions set correctly in CageFS.py.
- Updated the URL routing in urls.py to include paths for ImunifyAV, supporting both legacy and new routes.
- Modified the ImunifyAV HTML template to use Django's URL template tag for better maintainability.
- Enhanced the cyberpanel_fixes.sh script to ensure ImunifyAV UI assets are installed during fixes.
- Improved database user resolution and password handling in mysqlUtilities.py for better security and reliability.
This update enhances the integration and management of ImunifyAV within the CyberPanel environment.
- Implemented `exportFirewallRules` method in `FirewallManager` to export custom firewall rules to a JSON file, excluding default rules.
- Added `importFirewallRules` method to handle the import of firewall rules from a JSON file, with validation and error handling.
- Updated `urls.py` to include routes for exporting and importing firewall rules.
- Created corresponding view functions in `views.py` to manage requests for exporting and importing rules.
- Enhanced the frontend with buttons for exporting and importing rules, along with appropriate loading and error handling in `firewall.js`.
- Updated the HTML template to include export/import buttons and loading indicators for better user experience.
- Implemented a check to ensure the CyberPanel port 7080 rule exists in the database.
- Added functionality to create the rule if it does not exist, including error handling and logging.
- Updated the rules list after potential creation to reflect changes in the database.
- Remove CSF menu item from sidebar navigation
- Disable CSF-related URL endpoints in firewall module
- Update upgrade process to automatically remove CSF and restore firewalld
- Archive CSF template and configuration files
- Clean up CSF references in settings and upgrade scripts
CSF (ConfigServer Security & Firewall) is shutting down on August 31, 2025.
This commit removes CSF integration and ensures firewalld is restored as the
default firewall solution during upgrades.
Fixes#1473
