Results 1 to 6 of 6
Thread: mod_security whitelist
-
09-23-2008, 03:15 AM #1WHT Addict
- Join Date
- Oct 2005
- Posts
- 131
mod_security whitelist
googlebot always gets blocked.
----------
[Tue Sep 23 03:02:37 2008] [error] [client 66.249.72.243] ModSecurity: Access denied with code 500 (phase 4). Pattern match "<b>Warning<\\/b>.{0,100}?:.{0,1000}?\\bon line\\b" at RESPONSE_BODY. [file "/usr/local/apache/conf/modsecurity/modsecurity_crs_50_outbound.conf"] [line "42"] [id "970009"] [msg "PHP Information Leakage"] [severity "WARNING"] [tag "LEAKAGE/ERRORS"] [hostname "www.mysite.com"] [uri "/index.php"] [unique_id "wK49MEVIheIAAAF85nQAAAAd"]
-----------
How do i whitelist a range of IP or domain in mod_security?
Thanks.MamboServe.com - Mambo / Joomla Premiere Hosting (for all cms, blogs, forums)
-
09-23-2008, 04:51 AM #2Junior Guru Wannabe
- Join Date
- Sep 2008
- Location
- Bangalore
- Posts
- 77
My best solution is you just disable mod_security locally for this account alone using .htaccess file.
Just add the below in to it.
SecFilterEngine Off
SecAuditEngine Off
-
09-23-2008, 11:46 AM #3Web Hosting Master
- Join Date
- Mar 2003
- Location
- Canada
- Posts
- 9,072
If you're using mod_security v2, you can whitelist your website by adding the following entry to the mod_security configuration file:
SecRule SERVER_NAME "website.com" phase:1,nolog,allow,ctl:ruleEngine=offRACK911 Labs | Penetration Testing | https://www.RACK911Labs.ca
www.HostingSecList.com - Security Notices for the Hosting Community.
-
09-23-2008, 04:38 PM #4WHT Addict
- Join Date
- Oct 2005
- Posts
- 131
sabarishks, That is your best solution? You probably don't own a server. There's no point for me installing mod_secutiry if i'm just gonna disable it in some accounts. Specially, that's the account that always get hacked.
Pat, thank for your help.Last edited by Joomla; 09-23-2008 at 04:43 PM.
MamboServe.com - Mambo / Joomla Premiere Hosting (for all cms, blogs, forums)
-
09-23-2008, 05:28 PM #5Web Hosting Master
- Join Date
- Apr 2000
- Location
- California
- Posts
- 3,051
I wouldn't disable it for a site, though you can for some good reasons, and you should whitelist, maybe any spiders/bots by checking the USER_AGENT env var, which would make it easier. Exactly what is it flagging though? It looks like it was denying access to index.php, and regardless of it being a spider or not, this probably shouldn't be happening. If it's blocking a search engine spider, it might be blocking legitimate, normal users as well. What was in the body, "on line"?
-
09-23-2008, 06:35 PM #6WHT Addict
- Join Date
- Oct 2005
- Posts
- 131
I got the rules from gotroot.com. I think their rules is a bit more restrictive. I've been trying to analyze the logs and I find a couple of false positives.
Do you have any example rules so I can quickly whitelist the spiders. It's just sometimes, mod_security syntax is sometimes difficult to follow.MamboServe.com - Mambo / Joomla Premiere Hosting (for all cms, blogs, forums)