SOLVED Google's IPs are whitelisted, why and where?

Wabun

Well-Known Member
Oct 6, 2012
89
5
8
Antwerpen
cPanel Access Level
Root Administrator
Hi there,

Since the 22nd of Jan, Google has performed an infrastructure update and many customer accounts are going over their bandwidth because Google is slurping like a mad dog!

I have added a rule in mod-security to stop google-images, but to no effect; it is completely ignored. Does cPanel have their [Google IP nets] white-listed somewhere in cPanel? If so, where, as it is going wrong....

Any help much appreciated

Jan 31 15:40:19 lfd[393974]: mod_security (id:150) triggered by 66.249.64.1 - ignored
Jan 31 15:40:24 lfd[393974]: mod_security (id:150) triggered by 66.249.64.238 - ignored
Jan 31 15:40:44 lfd[393974]: mod_security (id:150) triggered by 66.249.64.197 - ignored
Jan 31 15:42:35 lfd[393974]: mod_security (id:150) triggered by 66.249.64.242 - ignored
Jan 31 15:42:45 lfd[393974]: mod_security (id:150) triggered by 66.249.64.251 - ignored
Jan 31 15:44:50 lfd[393974]: mod_security (id:150) triggered by 66.249.64.192 - ignored
Jan 31 15:45:00 lfd[393974]: mod_security (id:150) triggered by 66.249.64.238 - ignored
Jan 31 15:45:11 lfd[393974]: mod_security (id:150) triggered by 66.249.76.51 - ignored
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,227
463
Hello,

Could you let us know the specific rule you added and how you added it? Also, are you using any third-party Mod_Security rules (e.g. OWASP)?

Thank you.
 

Wabun

Hi,

This is the rule:
SecRule HTTP_User-Agent "Googlebot-Image/1.0" " deny,log,status:403,id:'150'"
No third party installed, just my own rules.

Just have the feeling that the Updating Common Mail Providers list is playing a role in allowing Google. Grey-listing is disabled to be sure it's not in the way.

Also stopped and started the firewall, no more ideas....
 

cPanelMichael

> Just have the feeling that the Updating Common Mail Providers list is playing a role in allowing Google. Grey-listing is disabled to be sure it's not in the way.

Hello,

The Greylisting feature only affects the Exim service and would not affect the firewall or Mod_Security rules on the system.

The output you provided in your initial post is from the CSF/LFD application. You can review the /etc/csf/csf.ignore file to see if you have configured LFD to ignore those IP addresses.

Thank you.
 

cPanelMichael

You may also want to review the /etc/csf/csf.allow file. Otherwise, you'd need to review your existing Mod Security rules to see if any of the rules include exceptions for those IP addresses.

Thank you.
 

cPanelMichael

I'm happy to see you were able to address the issue. Thank you for updating us with the outcome.
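
The check suggested in the replies above (review /etc/csf/csf.ignore and /etc/csf/csf.allow for the IPs that LFD reports as "ignored") can be scripted. This is an added example, not part of the original thread and not CSF's own code: the log lines are copied from the first post, while the file contents and the function names are constructed assumptions.

```python
import ipaddress
import re

# Log lines copied from the thread's first post.
LFD_LOG = """\
Jan 31 15:40:19 lfd[393974]: mod_security (id:150) triggered by 66.249.64.1 - ignored
Jan 31 15:40:24 lfd[393974]: mod_security (id:150) triggered by 66.249.64.238 - ignored
Jan 31 15:45:11 lfd[393974]: mod_security (id:150) triggered by 66.249.76.51 - ignored
"""

# Constructed file contents (assumptions, not the poster's real configuration).
CSF_FILES = {
    "/etc/csf/csf.ignore": "# constructed sample\n127.0.0.1\n66.249.64.0/24 # crawler range\n",
    "/etc/csf/csf.allow": "tcp|in|d=22|s=192.0.2.10\n192.0.2.0/28\n",
}

IGNORED = re.compile(r"lfd\[\d+\]: mod_security \(id:(\d+)\) triggered by (\S+) - ignored")

def ignored_hits(log_text):
    """Return (rule_id, ip) for every mod_security trigger that LFD ignored."""
    return [(m.group(1), ipaddress.ip_address(m.group(2)))
            for m in IGNORED.finditer(log_text)]

def plain_entries(text):
    """Yield (line_no, network) for plain IP/CIDR lines; comments, Include
    lines and advanced filters such as tcp|in|d=22|s=... are skipped."""
    for no, line in enumerate(text.splitlines(), 1):
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            yield no, ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue

def explain(log_text, files):
    """Map each ignored IP to the file entries that cover it (empty = none)."""
    result = {}
    for _rule, ip in ignored_hits(log_text):
        result[str(ip)] = [(path, no, str(net))
                           for path, text in files.items()
                           for no, net in plain_entries(text)
                           if ip in net]
    return result

if __name__ == "__main__":
    for ip, hits in explain(LFD_LOG, CSF_FILES).items():
        print(ip, hits or "no plain entry matches; check Mod Security rule exceptions")
```

An IP that maps to an empty list is not covered by a plain entry in either file, which points to the other place named in the replies: exceptions in the existing Mod Security rules.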