Version 1 of the CSF/LFD messenger will give an error: "ERR_SSL_VERSION_OR_CIPHER_MISMATCH". So if you need it to work with HTTPS, it is high time to switch to version 3.
Version 3 of the messenger supports SSL certificates, and it can display a message over HTTPS to a blocked IP address to inform the user that they are blocked in the firewall. Here is a guide on how to make it work on a DirectAdmin server.
Open the file "/etc/csf/csf.conf" in an editor and change the following settings:
MESSENGER = "1"
MESSENGER_USER = "webapps"
MESSENGER_HTTPS_CONF = "/usr/local/directadmin/data/users/*/httpd.conf"
MESSENGER_HTTPS_IN = "443,2222"
MESSENGERV3 = "1"
MESSENGERV3GROUP = "access"
Restart the CSF/LFD service.
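To confirm that the six settings above are actually what the file contains, here is an added check script; it is not part of the original guide or of CSF. The helper names csf_get and csf_messenger_diff are made up for this example and the sample file is constructed; on a real server, call csf_messenger_diff /etc/csf/csf.conf.

```shell
#!/bin/sh
# Added example (not part of CSF): compare a csf.conf against the values
# this guide sets for messenger v3 on DirectAdmin.

# Values from the guide above, one KEY=value per line.
EXPECTED='MESSENGER=1
MESSENGER_USER=webapps
MESSENGER_HTTPS_CONF=/usr/local/directadmin/data/users/*/httpd.conf
MESSENGER_HTTPS_IN=443,2222
MESSENGERV3=1
MESSENGERV3GROUP=access'

# csf_get FILE KEY: print the value of KEY = "value"; commented-out lines
# are ignored and the last assignment in the file wins.
csf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# csf_messenger_diff FILE: print one line per setting that differs from the
# guide; print nothing when everything matches.
csf_messenger_diff() {
    printf '%s\n' "$EXPECTED" | while IFS='=' read -r key want; do
        have=$(csf_get "$1" "$key")
        [ "$have" = "$want" ] || printf '%s: have "%s", want "%s"\n' "$key" "$have" "$want"
    done
    # The case from the top of this page: HTTPS ports redirected to the
    # messenger while version 3 is still switched off.
    if [ -n "$(csf_get "$1" MESSENGER_HTTPS_IN)" ] && [ "$(csf_get "$1" MESSENGERV3)" != "1" ]; then
        printf 'HTTPS ports are redirected but MESSENGERV3 is not "1"\n'
    fi
}

# Constructed sample input: a csf.conf fragment still on messenger v1.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# MESSENGER = "0"
MESSENGER = "1"
MESSENGER_USER = "csf"
MESSENGER_HTTPS_CONF = "/usr/local/directadmin/data/users/*/httpd.conf"
MESSENGER_HTTPS_IN = "443,2222"
MESSENGERV3 = "0"
MESSENGERV3GROUP = "access"
EOF
csf_messenger_diff "$sample"
rm -f "$sample"
```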
The full list of related settings is as follows:
MESSENGER = "1"
MESSENGER_TEMP = "1"
MESSENGER_PERM = "1"
MESSENGER_USER = "webapps"
MESSENGER_HTTPS_CONF = "/usr/local/directadmin/data/users/*/httpd.conf"
MESSENGER_HTTPS_KEY = "/etc/httpd/conf/ssl.key/server.key"
MESSENGER_HTTPS_CRT = "/etc/httpd/conf/ssl.crt/server.crt"
MESSENGER_HTTPS = "8887"
MESSENGER_HTTPS_IN = "443,2222"
MESSENGER_HTML = "8888"
MESSENGER_HTML_IN = "80"
MESSENGER_TEXT = "8889"
MESSENGER_TEXT_IN = "21"
MESSENGER_RATE = "100/s"
MESSENGER_BURST = "150"
MESSENGER_CHILDREN = "10"
MESSENGER_HTTPS_SKIPMAIL = "1"
MESSENGERV3 = "1"
MESSENGERV3LOCATION = "/etc/httpd/conf/extra/httpd-includes.conf"
MESSENGERV3RESTART = "service httpd restart"
MESSENGERV3TEST = "/usr/sbin/apachectl -t"
MESSENGERV3HTTPS_CONF = "/etc/httpd/conf/httpd.conf"
MESSENGERV3WEBSERVER = "apache"
MESSENGERV3PERMS = "711"
MESSENGERV3GROUP = "access"
MESSENGERV3PHPHANDLER = ""
For more details, see section 14 of the /etc/csf/readme.txt file:
14. Messenger Service
#####################
This feature allows the display of a message to a blocked connecting IP address to inform the user that they are blocked in the firewall. This can help when users get themselves blocked, e.g. due to multiple login failures. The service is provided by several daemons running on ports providing HTTPS, HTML or TEXT message.
...
That's it.