Mod Security Whitelist

Cloud9 · Oct 27, 2013

I added this

Code:

SecRule REMOTE_ADDR "^XXX\.XXX\.XXX\XXX$" phase:1,nolog,allow,ctl:ruleEngine=Off

To modsec2.conf

But get a syntax error that it has no rule id ?

I just want to whitelist my IP for all mod sec rules

Cloud9 · Oct 27, 2013

I wanted to whitelist my IP due to not being able to do some stuff in acp on an ipb forum

This is the rule triggered by mod sec

Code:

DOMAIN.com	MYIPADDRESS	950004	[27/Oct/2013:10:49:05 +0000] 
Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)| ..." at ARGS:nexus_invoice_header. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data "src=\x22http:"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"]

Cause was pasting html code in an IPB forum in the admin control panel

I have whitelisted the rule for that domain - but is that the best solution or can i just whitelist that rule for the acp ?

Infopro · Oct 27, 2013

You'll find this plugin helpful in making that task a bit easier to manage:
ConfigServer ModSecurity Control | cPanel App Catalog

24x7server · Oct 27, 2013

Hello,

Also you can disable the mod_sec for one domain using the following code in your conf file.

Code:

<IfModule mod_security2.c>
  SecRuleEngine Off
</IfModule>

Please check : https://www.atomicorp.com/wiki/index.php/Mod_security#Disabling_Mod_security_per_domain

Cloud9 · Oct 27, 2013

Thanks

Ideally is there any way i can whitelist an IP (my own) so modsec ignores me ?

- - - Updated - - -

Infopro said:
You'll find this plugin helpful in making that task a bit easier to manage:
ConfigServer ModSecurity Control | cPanel App Catalog

Thanks

I have all the CFS stuff installed (its very good) - I still cant see where to whitelist an IP in mod sec - and not tie it to any rule ids

georgeb · Oct 27, 2013

Just add this line in your modsec2.whitelist.conf:

Code:

SecRule REMOTE_ADDR "^XX.XX.XX.XX" phase:1,nolog,allow,[I]id:999999999[/I],ctl:ruleEngine=off

Do you see the difference ?

Regards

Thread starter	Similar threads	Forum	Replies	Date
H	How can i Whitelist an IP address in ModSecurity on CentOS 7?	Security	3	Dec 25, 2020
S	SOLVED ModSecurity: IP whitelisting doesn't work	Security	10	Dec 8, 2020
R	ModSecurity False Positive WordPress - How can I temporarily whitelist specific for this website?	Security	12	Aug 12, 2020
J	Mod_Security whitelist	Security	5	Apr 16, 2019
	Mod Security whitelist one file	Security	4	May 27, 2018

Search

Search

Mod Security Whitelist

Cloud9

Well-Known Member

Cloud9

Well-Known Member

Infopro

Well-Known Member

24x7server

Well-Known Member

Cloud9

Well-Known Member

georgeb

Well-Known Member