Webmin身份验证失败，没有任何错误-正确的用户名和密码失败

我使用基于Apache服务器环境的Ubuntu服务器16.04。我已经安装了CSF-LFD来过滤计算机中的几乎所有端口：

# Setup CSF-LFD:
cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
sed -i 's/TESTING = "1"/TESTING = "0"/g' /etc/csf/csf.conf
csf -r
perl /usr/local/csf/bin/csftest.pl
# cd /etc/csf && sh uninstall.sh

然后，我安装了Webmin并取消过滤了其本机端口（10000），该端口已由CSF-LFD从以前过滤过：

cat << EOF >> /etc/apt/sources.list

deb http://download.webmin.com/download/repository sarge contrib
EOF
cd /root
wget http://www.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc
sudo apt-get update
apt-get install webmin -y
sed -i 's/ssl=1/ssl=0/g' /etc/webmin/miniserv.conf
sed -i 'TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"/TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,10000"/g' /etc/csf/csf.conf
service csf restart
/etc/init.d/webmin restart

但是我只是无法访问它：当我访问http：// my_ip：10000时，我填写了用户名和密码，单击“登录”，页面刷新了大约0.25秒。我最多可以重复此过程5次，直到被阻止1分钟为止。

我已经在VPS上安装了Webmin数次，并且从未遇到过这样的问题：尝试登录，并且登录失败，并且在任何地方都没有错误，并且没有错误（或者在我看来）。

这种情况很复杂，因为：

。1。我确保输入正确的密码（我在大约5种不同的情况下进行了检查）。

。2。在浏览器缓存刷新后，我从多个浏览器中进行了检查：这不是浏览器缓存问题...

。3。当http：// my_ip：10000不带探针时，我不仅可以进入登录屏幕，端口10,000是LISTEN，因此，这当然不是CSF-LFD问题。看：

root@ubuntu-2gb-fra1-01:/var/webmin# netstat -an | grep :10000
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:10000           0.0.0.0:*

。4。Apache错误日志未显示与Webmin相关的错误：

root@ubuntu-2gb-fra1-01:/var/webmin# tail /var/log/apache2/error.log
[Mon Nov 21 01:13:20.984586 2016] [mpm_prefork:notice] [pid 22959] AH00171: Graceful restart requested, doing restart
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
[Mon Nov 21 01:13:21.040358 2016] [mpm_prefork:notice] [pid 22959] AH00163: Apache/2.4.18 (Ubuntu) configured -- resuming normal operations
[Mon Nov 21 01:13:21.040376 2016] [core:notice] [pid 22959] AH00094: Command line: '/usr/sbin/apache2'
[Mon Nov 21 01:13:25.730236 2016] [mpm_prefork:notice] [pid 22959] AH00169: caught SIGTERM, shutting down
[Mon Nov 21 01:13:40.492172 2016] [mpm_prefork:notice] [pid 1720] AH00163: Apache/2.4.18 (Ubuntu) configured -- resuming normal operations
[Mon Nov 21 01:13:40.495566 2016] [core:notice] [pid 1720] AH00094: Command line: '/usr/sbin/apache2'
[Mon Nov 21 07:06:27.483595 2016] [mpm_prefork:notice] [pid 1720] AH00169: caught SIGTERM, shutting down
[Mon Nov 21 07:06:28.568672 2016] [mpm_prefork:notice] [pid 7745] AH00163: Apache/2.4.18 (Ubuntu) configured -- resuming normal operations
[Mon Nov 21 07:06:28.568778 2016] [core:notice] [pid 7745] AH00094: Command line: '/usr/sbin/apache2'

。5。Apache访问日志未显示与Webmin相关的错误：

root@ubuntu-2gb-fra1-01:/var/webmin# tail /var/log/apache2/access.log
80.246.133.215 - - [21/Nov/2016:20:46:37 +0000] "GET /icons/ubuntu-logo.png HTTP/1.1" 200 3624 "http://46.101.188.112/" "Mozilla/5.0 (Linux; Android 7.0; Nexus 5X Build/NBD90W) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.85 Mobile Safari/537.36"
80.246.133.215 - - [21/Nov/2016:20:46:38 +0000] "GET /favicon.ico HTTP/1.1" 404 505 "http://46.101.188.112/" "Mozilla/5.0 (Linux; Android 7.0; Nexus 5X Build/NBD90W) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.85 Mobile Safari/537.36"
46.59.140.166 - - [21/Nov/2016:22:06:26 +0000] "GET / HTTP/1.1" 200 3525 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.85 Safari/537.36"
46.59.140.166 - - [21/Nov/2016:22:06:27 +0000] "GET /icons/ubuntu-logo.png HTTP/1.1" 200 3623 "http://46.101.188.112/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.85 Safari/537.36"
92.247.83.67 - - [21/Nov/2016:23:18:05 +0000] "GET / HTTP/1.0" 200 11595 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
199.241.190.169 - - [21/Nov/2016:23:30:27 +0000] "PROPFIND /webdav/ HTTP/1.1" 405 569 "-" "WEBDAV Client"
36.230.254.210 - - [22/Nov/2016:00:26:57 +0000] "CONNECT 163mx02.mxmail.netease.com:25 HTTP/1.0" 405 546 "-" "-"
54.206.114.46 - - [22/Nov/2016:01:11:03 +0000] "GET / HTTP/1.1" 200 3488 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36"
212.83.181.85 - - [22/Nov/2016:03:04:27 +0000] "GET http://www.stilllistener.com/checkpoint1/test2/ HTTP/1.1" 404 520 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
213.57.101.253 - - [22/Nov/2016:03:16:13 +0000] "GET / HTTP/1.0" 200 11595 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"

。6。Webmin miniserv日志没有明确的错误：

root@ubuntu-2gb-fra1-01:/var/webmin# tail /var/webmin/miniserv.error
[21/Nov/2016:01:13:42 +0000] PAM authentication enabled
[21/Nov/2016:07:06:41 +0000] [000.000.000.000] /session_login.cgi : Access denied for 000.000.000.000. The host has been blocked because of too many authentication failures.
[21/Nov/2016:07:50:24 +0000] [000.000.000.000] /session_login.cgi : Access denied for 000.000.000.000. The host has been blocked because of too many authentication failures.
[21/Nov/2016:16:23:46 +0000] miniserv.pl started
[21/Nov/2016:16:23:46 +0000] Using MD5 module Digest::MD5
[21/Nov/2016:16:23:46 +0000] PAM authentication enabled
[21/Nov/2016:20:33:02 +0000] miniserv.pl started
[21/Nov/2016:20:33:02 +0000] Using MD5 module Digest::MD5
[21/Nov/2016:20:33:02 +0000] PAM authentication enabled
[22/Nov/2016:03:05:03 +0000] [000.000.000.000] /session_login.cgi : Access denied for 000.000.000.000. The host has been blocked because of too many authentication failures.

笔记：

1. 即使/etc/webmin/config已经包括在内log=1。两个locate webmin.log或find / -type f -name webmin.log 2>/dev/null，所以我不能使用该特定文件，以进一步调试。

我的问题：

如果以常规方式安装软件，则打开了端口10000，并且在任何地方都没有看到明显的错误（或者在我看来是这样），在这种情况下，还有什么可以防止用户登录Webmin？