Mod Security

**aaronkolodjski** · 12-18-2009 08:38 PM

Does Mod Security plugin block bots like msn and google, i installed with the default config in whm and received this:

65.55.106.112 Access denied with code 501 (phase 2). Match of "rx ^((?

?:POS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "38"] [id "960032"] [msg "Method is not allowed by policy"] [severity "CRITICAL"] [tag "POLICY/METHOD_NOT_ALLOWED"]

That ip is msn bot?

Just woundering if it blocks some of these bots, and if so a link to a ruleset that dont?

Aaron

**aaronkolodjski** · 12-19-2009 10:15 AM

I found a solution to whitelist ips if anybody wants to try this. Keep in mind im not a pro, but found this to work for me. and after doing it msn was able to bot my page

At the very top of your config file in whm for mod security put:

SecRule REMOTE_ADDR "@pmFromFile /pathto/your/whitlist.txt" "nolog,phase:1,allow"

Then drop your ips in the whitelist.txt

restart apache

Works great for me, if thats not the correct way to do this please point out another way with any suggestions, thanx

**aaronkolodjski** · 12-19-2009 10:48 AM

Also in your whitelist.txt file with your ips if you wanna open up a range of ips

just drop the end off the ip like

192.1.168.

Found this to work as well

**Infopro** · 12-19-2009 11:05 AM

You might like to have a peek at this: ConfigServer ModSecurity Control

**aaronkolodjski** · 12-19-2009 11:56 AM

nice tool, but how to you put the ips in. I installed to try it out and it says id number?

**Infopro** · 12-19-2009 06:42 PM

If you look at the image at the link I posted above, you see near bottom a list of files you can edit. Note the one named whitelist. You may not have one here named that, but you can add them.

**aaronkolodjski** · 12-20-2009 11:10 AM

I think the only downside to that is that it removes rules for a domain name. I was looking for something to whitelist ips keeping the rules for the whole server and white listing ips for the whole server to gain normal access with no restrictions.

Leaving one domain open is like leaving the whole server open in my mind. If this tool does do what i am looking for please correct me.

Thanks for your help.

Aaron

**Infopro** · 12-20-2009 06:50 PM

For a domain, or the entire server depending on how you use it, yes that's correct you can use it to easily remove a single (or more) rule that's causing problems. If it's only causing problems on one account and no others then removing it for one domain can come in handy.

As already mentioned, the added rulesets (mentioned at the link above and all over these forums) offer far more protection to the basic rules cPanel gets you started with when you install modsecurity.

Once you've added those additional rules you'll have far more control over things, directly from this GUI. Including the option to add an IP or domain to the appropriate file to "whitelist" it as you are seeking to do.

You might want to read up on this forum and other places to understand it all a bit more. Here's one such thread that might be helpful to get you in the right direction I think.
http://forums.cpanel.net/f34/mod-security-136849.html

LinkBack

Thread Tools

Mod Security

re

re

Mod Security?!

Mod security

Mod Security 2.5, or 2.0?

Simple security question about mod-security rule sets.

Mod Security but how?