Google's IPs are whitelisted, why and where?
Hi there,
Since the 22nd of Jan, Google has performed an infrastructure update and many customer accounts are going over their bandwidth because Google is slurping like a mad dog!
I have added a rule in mod-security to stop google-images but to no effect; it is completely ignored. Does cPanel have their [Google IP nets] white-listed somewhere in cPanel? If so, where, as it is going wrong....
Any help much appreciated
Jan 31 15:40:19 lfd[393974]: mod_security (id:150) triggered by 66.249.64.1 - ignored
Jan 31 15:40:24 lfd[393974]: mod_security (id:150) triggered by 66.249.64.238 - ignored
Jan 31 15:40:44 lfd[393974]: mod_security (id:150) triggered by 66.249.64.197 - ignored
Jan 31 15:42:35 lfd[393974]: mod_security (id:150) triggered by 66.249.64.242 - ignored
Jan 31 15:42:45 lfd[393974]: mod_security (id:150) triggered by 66.249.64.251 - ignored
Jan 31 15:44:50 lfd[393974]: mod_security (id:150) triggered by 66.249.64.192 - ignored
Jan 31 15:45:00 lfd[393974]: mod_security (id:150) triggered by 66.249.64.238 - ignored
Jan 31 15:45:11 lfd[393974]: mod_security (id:150) triggered by 66.249.76.51 - ignored
Hello, Could you let us know the specific rule you added and how you added it? Also, are you using any third-party Mod_Security rules (e.g. OWASP)? Thank you.
Hi, This is the rule:
SecRule HTTP_User-Agent "Googlebot-Image/1.0" " deny,log,status:403,id:'150'"
No third party installed, just my own rules. Just have the feeling that the Updating Common Mail Providers list is playing a role in allowing Google. Grey-listing is disabled to be sure it's not in the way. Also stopped and started the firewall, no more ideas....
Just have the feeling that the Updating Common Mail Providers list is playing a role in allowing Google. Grey-listing is disabled to be sure it's not in the way.
Hello, The Greylisting feature only affects the Exim service and would not affect the firewall or Mod_Security rules on the system. The output you provided in your initial post is from the CSF/LFD application. You can review the /etc/csf/csf.ignore file to see if you have configured LFD to ignore those IP addresses. Thank you.
Thanks, that file is empty...
You may also want to review the /etc/csf/csf.allow file. Otherwise, you'd need to review your existing Mod Security rules to see if any of the rules include exceptions for those IP addresses. Thank you.
Found it, it was in the file /etc/csf/csf.rignore
I'm happy to see you were able to address the issue. Thank you for updating us with the outcome.
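The checks walked through in this thread, as an added example that is not part of any post or of CSF itself: it lists the active entries in the three files mentioned, tests a reverse-DNS name against csf.rignore, and counts "ignored" mod_security triggers in lfd log lines. The function names, the made-up PTR name and the demo file contents are assumptions, as is the file format described in the comments.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed file format: one entry per line,
# '#' starts a comment; a csf.rignore entry is an exact FQDN or a suffix
# that begins with a dot.

# Print "file: entry" for every active line in the files the thread checks.
csf_active_entries() {
    dir=${1:-/etc/csf}
    for f in csf.ignore csf.allow csf.rignore; do
        [ -r "$dir/$f" ] || continue
        sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$dir/$f" |
            sed "s|^|$f: |"
    done
}

# Succeed if reverse-DNS name $1 matches an active entry in rignore file $2.
rignore_matches() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry=$(printf '%s' "${entry%%#*}" | tr -d '[:space:]' | tr 'A-Z' 'a-z')
        [ -n "$entry" ] || continue
        case "$entry" in
            .*) case "$host" in *"$entry") return 0 ;; esac ;;
            *)  [ "$host" = "$entry" ] && return 0 ;;
        esac
    done < "$2"
    return 1
}

# Read lfd log lines on stdin; print "count rule-id ip" for ignored triggers.
lfd_ignored_summary() {
    sed -n 's/.*lfd\[[0-9]*\]: mod_security (id:\([0-9]*\)) triggered by \([0-9a-fA-F.:]*\) - ignored.*/\1 \2/p' |
        sort | uniq -c | awk '{print $1, $2, $3}'
}

# Demo: two log lines from the first post, and a constructed rignore file.
demo_dir=$(mktemp -d)
printf '# crawlers\n.googlebot.com\n' > "$demo_dir/csf.rignore"
printf '%s\n' \
  'Jan 31 15:40:24 lfd[393974]: mod_security (id:150) triggered by 66.249.64.238 - ignored' \
  'Jan 31 15:45:00 lfd[393974]: mod_security (id:150) triggered by 66.249.64.238 - ignored' |
  lfd_ignored_summary
csf_active_entries "$demo_dir"
# crawl.example.googlebot.com is a made-up PTR name for illustration.
rignore_matches crawl.example.googlebot.com "$demo_dir/csf.rignore" &&
    echo "rDNS matches csf.rignore: lfd ignores the trigger"
rm -rf "$demo_dir"
```

On a CSF host, call `csf_active_entries` with no argument to read /etc/csf, and pipe the lfd log through `lfd_ignored_summary` to see which rule ids and addresses are being passed over.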