Mod Security Whitelist

Discussion in 'Security' started by Cloud9, Oct 27, 2013.

  1. Cloud9

    I added this

    Code:
    SecRule REMOTE_ADDR "^XXX\.XXX\.XXX\.XXX$" phase:1,nolog,allow,ctl:ruleEngine=Off
    To modsec2.conf

    But I get a syntax error that it has no rule id?

    I just want to whitelist my IP for all mod sec rules
     
  2. Cloud9

    I wanted to whitelist my IP due to not being able to do some stuff in the ACP on an IPB forum

    This is the rule triggered by mod sec

    Code:
    DOMAIN.com	MYIPADDRESS	950004	[27/Oct/2013:10:49:05 +0000] 
    Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)| ..." at ARGS:nexus_invoice_header. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data "src=\x22http:"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"]
    Cause was pasting HTML code in an IPB forum in the admin control panel

    I have whitelisted the rule for that domain - but is that the best solution or can I just whitelist that rule for the ACP?
     
  3. Infopro

  4. 24x7server

  5. Cloud9

    Thanks

    Ideally, is there any way I can whitelist an IP (my own) so modsec ignores me?

    - - - Updated - - -

    Thanks

    I have all the CFS stuff installed (it's very good) - I still can't see where to whitelist an IP in mod sec - and not tie it to any rule ids
     
  6. georgeb

    Just add this line in your modsec2.whitelist.conf:
    Code:
    SecRule REMOTE_ADDR "^XX\.XX\.XX\.XX$" phase:1,nolog,allow,id:999999999,ctl:ruleEngine=off
    
    Do you see the difference?

    Regards
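The two requests in this thread (exempt one IP from everything, or exempt only rule 950004 for the ACP) side by side, as an added example that is not from any poster or from cPanel. The address 203.0.113.10, the /admin/ path and rule ids 1000001-1000003 are placeholder assumptions; 950004 and ARGS:nexus_invoice_header come from the log entry above.

```apache
# Added example. 203.0.113.10, /admin/ and ids 1000001-1000003 are placeholders.

# Weak form, shown commented out:
#  - no "id" action, which ModSecurity 2.7 and later reject at config load
#  - unescaped, unanchored regex: "." matches any character and the pattern
#    also matches longer addresses such as 203.0.113.100
#SecRule REMOTE_ADDR "^203.0.113.10" "phase:1,nolog,allow,ctl:ruleEngine=Off"

# Option 1: exempt a single address from every rule.
# @ipMatch compares addresses (and CIDR ranges) instead of strings, so there
# is nothing to escape or anchor. Note that REMOTE_ADDR is the connecting
# peer; behind a proxy or CDN it is the proxy's address, not the visitor's.
SecRule REMOTE_ADDR "@ipMatch 203.0.113.10" \
    "id:1000001,phase:1,nolog,allow,ctl:ruleEngine=Off"

# Option 2: leave the engine on and drop only rule 950004, only under the
# admin path, only for that address. The ctl action sits on the last rule
# of the chain so it runs only when both conditions match.
SecRule REQUEST_URI "@beginsWith /admin/" \
    "id:1000002,phase:1,nolog,pass,chain"
    SecRule REMOTE_ADDR "@ipMatch 203.0.113.10" \
        "ctl:ruleRemoveById=950004"

# Option 3 (narrowest): rule 950004 stays active for the admin path but
# no longer inspects the one parameter that carries pasted HTML.
SecRule REQUEST_URI "@beginsWith /admin/" \
    "id:1000003,phase:1,nolog,pass,ctl:ruleRemoveTargetById=950004;ARGS:nexus_invoice_header"
```

Pick one option rather than loading all three. Options 2 and 3 run in phase 1 so the exclusion is in place before the phase 2 request-body rules evaluate.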
     