So the ID for a whitelist has to be the ID for an existing rule to whitelist against. Is this how you whitelist an IP address then?
SecRule REMOTE_ADDR "@IPMatch 72.238.15.34" "id:941160,ctl:ruleEngine=Off"
every time I try to whitelist an IP address it says ID already used and won't let apache restart.
For example I see this in my logs:
Code:
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 72.238.15.34] ModSecurity: Warning. Pattern match "(?i)<[^\\\\\\\\... [id "941160"] [rev "2"] [msg "NoScript....
Action: Intercepted (phase 2)
so I want to whitelist IP address 72.238.15.34 againts this rule. so I do:
SecRule REMOTE_ADDR "@IPMatch 72.238.15.34" "id:941160,ctl:ruleEngine=Off"
and it will not work:
Oct 14 08:41:24 core.extremehosting.ca restartsrv_httpd[32070]: ModSecurity: Found another rule with the same id
Oct 14 08:41:24 core.extremehosting.ca systemd[1]: Failed to start Apache web server managed by cPanel EasyApache.
What do I have to do to simply whitelist an IP address for a given modsec rule (ID)?