ModSecurity2 - What is the right way of white listing IPs?
I have configured it as follows so far.
I have this in my user conf file at the top:
Include /usr/local/apache/conf/modsec2.whitelist.conf
Then I have this in my whitelist conf:
# ConfigServer ModSecurity whitelist file
SecRule REMOTE_ADDR "@pmFromFile /usr/local/apache/conf/whitelist.txt" "phase:1,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off,id:10341230"
Now I assume that applies to everything, yes? If not, what is the correct syntax to make it apply globally throughout all of ModSecurity/Apache?
And in my whitelist.txt I have the IPs going like this:
192.168.1.1,192.168.0.1,192.168.1.50
These are just sample IPs, but is it the correct format? Or do I do one IP per line?
I just need to whitelist some of the server IPs that keep getting picked up as a false positive.
-
Format for @pmFromFile is one IP (or CIDR range) per line. You have to restart Apache after making any changes. Yes, locationmatch .* applies to every request.
-
Hello :) Yes, as mentioned in the previous post, the format is a single IP/range per line. Keep in mind that these IP addresses are no longer restricted by Mod_Security, so you should ensure they are trusted users. Thank you.
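Added example, not part of the original thread or of ModSecurity itself: a Python script that rewrites the comma-separated list from the question into one validated entry per line, then audits it by comparing substring (phrase) matching, which is how `@pm`-style operators compare values, with address-aware matching of the kind ModSecurity's `@ipMatchFromFile` operator performs. The function names and the client addresses in the demo are constructed for illustration.

```python
import ipaddress

# Whitelist content exactly as posted in the question (comma-separated, one line).
POSTED = "192.168.1.1,192.168.0.1,192.168.1.50"

def normalize_whitelist(raw):
    """Return validated entries, one IP or CIDR range each, in first-seen order."""
    entries = []
    for line in raw.splitlines():
        line = line.split("#", 1)[0]              # drop comments
        for token in line.replace(",", " ").split():
            net = ipaddress.ip_network(token)     # ValueError on malformed input
            text = str(net.network_address) if net.num_addresses == 1 else str(net)
            if text not in entries:
                entries.append(text)
    return entries

def phrase_match(client_ip, entries):
    """Substring semantics: an entry matches if it occurs anywhere in the address."""
    return [e for e in entries if e in client_ip]

def ip_match(client_ip, entries):
    """Address semantics: an entry matches only if it contains the client address."""
    addr = ipaddress.ip_address(client_ip)
    return [e for e in entries if addr in ipaddress.ip_network(e)]

def audit(entries, clients):
    """List clients that substring matching would exempt but address matching would not."""
    return [c for c in clients if phrase_match(c, entries) and not ip_match(c, entries)]

if __name__ == "__main__":
    entries = normalize_whitelist(POSTED)
    print("\n".join(entries))                     # file body, one entry per line
    # Constructed client addresses for the comparison.
    for client in ("192.168.1.50", "192.168.1.10", "192.168.0.100"):
        print(client, phrase_match(client, entries), ip_match(client, entries))
```

Any address that `audit` returns would skip the rule engine under substring matching without being on the list, which is the case to check for before trusting a whitelist rule that sets `ctl:ruleEngine=Off`.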