# Allow unrestricted access from 192.168.1.100
SecRule REMOTE_ADDR "^192\.168\.1\.100$" phase:1,id:95,nolog,allow
Could you be a little more specific? Do you want to whitelist a particular rule for a specific remote address? It can be done, but it's more of a modification to the rule itself than a whitelist entry.

Is there any way to whitelist ip-rule pair or even better ip-rule-hostname so that the rule still gets triggered by other IP address? In this case there is no load balancer and the requests come directly.
I can probably help you with that if you have the error log entry. There are ways to disable rules on a per IP basis using ctl. For example if rule ID 99999 is tripping for localhost (127.0.0.1) something like this would probably fix it:

Has this been fixed yet? Turned mod security back on and it's immediately blocking cpanel internal requests from 127.0.0.1 again.
Hello,

Generally though I recommend whitelisting broken rules instead. I made cPanel aware in the past that their autodiscover user agent is (was?) libwww-perl which is blocked by many modsec rule sets. I'm still waiting on an update to case CPANEL-268 for a resolution of this as far as I know. I was hoping that was already fixed. If you have log entries from the cpanel autodiscover IP addresses we can figure out why they're being blocked.
Case CPANEL-268: Add a non-default user-agent string to autoconfig/autodiscover.cpanel.net to ensure that it's not blocked by Mod_Security.
Hello,

For this type of request I think there was another error that was getting logged. I don't have it with me, but each time I see it I use the report option. Not that cPanel ever bothers to look at, much less fix, reported bugs.
In addition to reporting a false positive to OWASP through WHM, you can also find the mailing list for the OWASP ModSecurity core rule list at:

As with any mechanism that blocks web traffic, there is the risk that the rules could block legitimate traffic (false positives). While both OWASP and cPanel, Inc. aim to curate the OWASP rule set to reduce the potential for false positives, there is a risk that the rule set may block legitimate traffic. Review the ModSecurity Tools (Home >> Security Center >> ModSecurity™ Tools) interface routinely to evaluate the traffic that the rule set blocks and whether these blocks affect legitimate users.
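The thread contrasts a blanket `allow` for one address with disabling a single rule per IP "using ctl", and asks about an ip-rule-hostname combination. The following is an added example for ModSecurity 2.x, not code posted by anyone in the thread, showing both scoped forms. Rule IDs 1000001 and 1000002 and the hostname www.example.com are placeholders; 99999 and 127.0.0.1 are the values used in the thread.

```apache
# Added example. IDs 1000001/1000002 and www.example.com are placeholders.
# Load these before the rule set that contains rule 99999: ctl acts at
# run time, so it must have executed before that rule is evaluated.

# IP + rule: skip only rule 99999 for requests from 127.0.0.1.
# All other rules still inspect that traffic, and 99999 still fires
# for every other client address.
SecRule REMOTE_ADDR "@ipMatch 127.0.0.1" \
    "id:1000001,phase:1,pass,nolog,ctl:ruleRemoveById=99999"

# IP + rule + hostname: chained rules act as a logical AND.
# ctl sits on the last link because non-disruptive actions run as soon
# as the rule carrying them matches, not when the whole chain matches.
# SERVER_NAME is taken from the request itself, so the IP condition
# remains the part of this exclusion that carries the trust decision.
SecRule REMOTE_ADDR "@ipMatch 127.0.0.1" \
    "id:1000002,phase:1,pass,nolog,chain"
    SecRule SERVER_NAME "@streq www.example.com" \
        "ctl:ruleRemoveById=99999"
```

Use one of the two rules, not both. Switching `nolog` to `log` while testing records each time the exclusion applies, which makes it easy to confirm that only the intended requests are exempted.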