- getBannedIPs: append AutoBanLog rows (latest per IP) not already in DB/JSON
- Skip expired timed bans; tag rows with ban_source autoBanSecurityAlerts
- removeBannedIP/deleteBannedIP: handle synthetic id ablog-<pk> via unban by IP
Integrates webmail and emailDelivery apps, mail-server and install/upgrade
paths, cyberpanel_ols 2.7.0-style binaries, and v2.4.5 UI patterns while
preserving v2.5.5-dev behavior (SnappyMail/PUBLIC_ROOT, childPath in
launchChild, hardened downloads and SSH activity modal).
- dockerManager: add 0001_initial migration (CREATE TABLE IF NOT EXISTS), migrate-and-retry on DB errors, safe error response, fix logging.CyberCPLogFileWriter.writeToFile
- dockerManager/views: listContainersPage fallback HTML with error message if template fails
- dockerManager/viewContainer: improve container log readability (font-size 1rem, color #f1f5f9, line-height 1.6)
- baseTemplate: blockIPAddress also adds ban to firewall BannedIP model so Firewall > Banned IPs shows all
- firewall: getBannedIPs migrate-and-retry on OperationalError/ProgrammingError; install runs migrate firewall
- plogical/upgrade: syncBannedIPsJsonToDb() to sync JSON bans to firewall_bannedips; firewallMigrations() calls it; CyberPanelUpgrade runs firewallMigrations(); someDirectories creates /usr/local/CyberCP/data
- install: explicit migrate firewall after global migrate
- firewallUtilities: add closeConnectionsFromIP() using conntrack -D -s IP
- addBannedIP: when IP already banned, close connections and return success message
- Frontend: always call API on Ban IP so backend can close connections; show server message
- Install: add conntrack-tools (RHEL) / conntrack (Debian/Ubuntu) to all install paths
(rhel_deps, debian_deps, install_modules/01_verify_deps, install.py, venvsetup)
- Search input: add firewall-search-input class, blue focus instead of red (avoids read-only/error look)
- Search button: use btn-search with round futuristic style (match Ban IP/Overview)
- Actions column: center Modify/Unban/Delete in Firewall Rules and Banned IPs tables
- system-status.js: increment() uses document.querySelectorAll (no jQuery), fixes $ is not defined
- upgrade_modules/09_sync.sh: sync firewall static to public/static during upgrade
- to-do/FIREWALL-LOAD-CHANGES.md: doc on file locations and deploy steps
- plogical/firewallUtilities: fix inverted success/failure (result==1 = success); write blocked_ips.log under CyberCP/data for cyberpanel write access
- plogical/processUtilities: when root, use normalExecutioner return value so executioner reflects actual command success/failure
- firewall/firewallManager: addBannedIP uses FirewallUtilities.blockIP; ACL and all errors return JSON with error_message/error; rollback store if block fails
- baseTemplate/views: blockIPAddress uses FirewallUtilities.blockIP instead of subprocess
- baseTemplate/homePage: inline Ban IP calls /firewall/addBannedIP with ip/reason/duration; show server error in notifications
- baseTemplate/system-status.js: handle string response and show server error_message in success and error callbacks
Only files that match current live server; excludes settings.py (deployment-specific), pluginHolder/pluginInstaller (repo ahead), install/cyberpanel scripts (diff), and deleted static files (still on server).
- Added a new fixed position banner in the index.html to announce .htaccess support, including styling and functionality for showing and dismissing the notification.
- Enhanced file manager to support extraction of 7z and rar file formats, with appropriate command handling in filemanager.py.
- Updated JavaScript files to determine extraction types based on file extensions, ensuring compatibility with new formats.
- Modified HTML templates to include options for 7z and rar compression types in the user interface.
https://github.com/usmannasir/cyberpanel/issues/1617#issue-3727006951
These changes improve user experience by providing clear notifications and expanding file management capabilities within CyberPanel.
This commit resolves issues where the OWASP CRS toggle in ModSecurity settings
would appear to flip back to OFF even when installation succeeded, and improves
detection of manually installed OWASP CRS rules.
Issues Fixed:
1. Toggle not updating immediately after installation/uninstallation
2. Manual OWASP installations to rules.conf not detected by toggle
3. Silent installation failures without detailed error logging
Changes:
firewall/static/firewall/firewall.js:
- Update toggle state immediately after successful installation (getOWASPAndComodoStatus(true))
- Update toggle state after failed installation to show correct OFF state
- Provides instant visual feedback instead of requiring page refresh
firewall/firewallManager.py (getOWASPAndComodoStatus):
- Expand detection logic to check both httpd_config.conf AND rules.conf
- Detect manual OWASP installations (Include/modsecurity_rules_file with owasp/crs-setup)
- Case-insensitive pattern matching for better compatibility
plogical/modSec.py (setupOWASPRules):
- Add specific error logging for each installation step failure
- Log detailed messages: directory creation, download, extraction, configuration
- Helps diagnose: network issues, missing tools (wget/unzip), permission problems
Impact:
- Toggle correctly reflects OWASP CRS state after enable/disable operations
- Manual installations following external tutorials now detected correctly
- Installation failures are logged with specific error messages for debugging
- Improves UX by eliminating perception that "toggle keeps flipping back"
Fixes: OWASP CRS toggle UI bug
Related: Community thread https://community.cyberpanel.net/t/4-mod-security-rules-packages/133/8
Related: Ticket #GTPDPO7EV
- Implemented `exportFirewallRules` method in `FirewallManager` to export custom firewall rules to a JSON file, excluding default rules.
- Added `importFirewallRules` method to handle the import of firewall rules from a JSON file, with validation and error handling.
- Updated `urls.py` to include routes for exporting and importing firewall rules.
- Created corresponding view functions in `views.py` to manage requests for exporting and importing rules.
- Enhanced the frontend with buttons for exporting and importing rules, along with appropriate loading and error handling in `firewall.js`.
- Updated the HTML template to include export/import buttons and loading indicators for better user experience.
- Implemented a check to ensure the CyberPanel port 7080 rule exists in the database.
- Added functionality to create the rule if it does not exist, including error handling and logging.
- Updated the rules list after potential creation to reflect changes in the database.
