ModSecurity2 - What is the right way of white listing IP's?

Discussion in 'Security' started by XxUnkn0wnxX, Jan 26, 2015.

  1. XxUnkn0wnxX

    XxUnkn0wnxX Member

    I have configured it like this so far.

    I have this in my user conf file at the top:
    Include /usr/local/apache/conf/modsec2.whitelist.conf

    Then I have this in my whitelist conf:
    # ConfigServer ModSecurity whitelist file
    <LocationMatch .*>
    SecRule REMOTE_ADDR "@pmFromFile /usr/local/apache/conf/whitelist.txt" "phase:1,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off,id:10341230"
    </LocationMatch>

    Now I assume that <LocationMatch .*> applies to everything, yes? If not, what is the correct syntax to make it apply globally throughout all of mod security/Apache?

    And in my whitelist.txt I have the IPs going like this:
    192.168.1.1,192.168.0.1,192.168.1.50

    These are just sample IPs, but is it the correct format? Or do I do an IP per line?

    I just need to whitelist some of the server IPs that keep getting picked up as a false positive.
     
  2. quizknows

    quizknows Well-Known Member

    Format for @pmFromFile is one IP (or CIDR range) per line.

    You have to restart Apache after making any changes. Yes, LocationMatch .* applies to every request.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Yes, as mentioned in the previous post, the format is a single IP/range per line. Keep in mind that these IP addresses are no longer restricted by Mod_Security, so you should ensure they are trusted users.

    Thank you.
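
An added example, not part of any post in this thread: a Python check that rewrites a comma-separated whitelist.txt like the one in the first post into one entry per line, validates each entry, and flags wide ranges that would be exempted from ModSecurity. It also contrasts phrase (substring) matching, which is how the @pm family of operators compares each line, with address-aware matching as done by ModSecurity's @ipMatchFromFile. The function names, the max_hosts threshold and the sample data are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample: the comma-separated line from the first post, plus a
# comment, a CIDR range and a typo, to exercise the parser.
SAMPLE = """# server IPs
192.168.1.1,192.168.0.1,192.168.1.50
10.0.0.0/8
192.168.1.300
"""

def normalize(text, max_hosts=256):
    """Return (entries, warnings) with one validated IP or CIDR per entry."""
    entries, warnings = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0]                 # drop comments
        for token in re.split(r"[,\s]+", line.strip()):
            if not token:
                continue
            try:
                net = ipaddress.ip_network(token, strict=False)
            except ValueError:
                warnings.append(f"line {lineno}: invalid entry {token!r}")
                continue
            if net.num_addresses > max_hosts:        # assumed review threshold
                warnings.append(
                    f"line {lineno}: {net} exempts {net.num_addresses} addresses")
            entry = str(net.network_address) if net.num_addresses == 1 else str(net)
            if entry not in entries:
                entries.append(entry)
    return entries, warnings

def phrase_match(client, entries):
    """Substring test: how a phrase-match operator treats each line."""
    return any(e in client for e in entries)

def ip_match(client, entries):
    """Address-aware test: is the client inside any listed IP or network?"""
    addr = ipaddress.ip_address(client)
    return any(addr in ipaddress.ip_network(e) for e in entries)

if __name__ == "__main__":
    entries, warnings = normalize(SAMPLE)
    print("\n".join(entries))                        # one entry per line
    for w in warnings:
        print("WARN", w)
    # 192.168.1.100 is not listed, yet it contains the phrase "192.168.1.1".
    print(phrase_match("192.168.1.100", entries), ip_match("192.168.1.100", entries))
```

Every address the output lists bypasses the rule engine and the audit log under the rule in the first post, so each warning is worth reviewing before Apache is restarted.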
     