Cloud9

Well-Known Member
Sep 17, 2012
46
0
6
UK
cPanel Access Level
Root Administrator
I added this

Code:
SecRule REMOTE_ADDR "^XXX\.XXX\.XXX\XXX$" phase:1,nolog,allow,ctl:ruleEngine=Off
To modsec2.conf

But get a syntax error that it has no rule id ?

I just want to whitelist my IP for all mod sec rules
 

Cloud9

Well-Known Member
Sep 17, 2012
46
0
6
UK
cPanel Access Level
Root Administrator
I wanted to whitelist my IP due to not being able to do some stuff in acp on an ipb forum

This is the rule triggered by mod sec

Code:
DOMAIN.com	MYIPADDRESS	950004	[27/Oct/2013:10:49:05 +0000] 
Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)| ..." at ARGS:nexus_invoice_header. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data "src=\x22http:"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"]
Cause was pasting html code in an IPB forum in the admin control panel

I have whitelisted the rule for that domain - but is that the best solution or can i just whitelist that rule for the acp ?
 

24x7server

Well-Known Member
Apr 17, 2013
1,907
95
78
India
cPanel Access Level
Root Administrator

Cloud9

Well-Known Member
Sep 17, 2012
46
0
6
UK
cPanel Access Level
Root Administrator