hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : mod_security whitelist
Reply

Forum Jump

mod_security whitelist

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old
WHT Addict
 
Join Date: Oct 2005
Posts: 130

mod_security whitelist


googlebot always gets blocked.

----------
[Tue Sep 23 03:02:37 2008] [error] [client 66.249.72.243] ModSecurity: Access denied with code 500 (phase 4). Pattern match "<b>Warning<\\/b>.{0,100}?:.{0,1000}?\\bon line\\b" at RESPONSE_BODY. [file "/usr/local/apache/conf/modsecurity/modsecurity_crs_50_outbound.conf"] [line "42"] [id "970009"] [msg "PHP Information Leakage"] [severity "WARNING"] [tag "LEAKAGE/ERRORS"] [hostname "www.mysite.com"] [uri "/index.php"] [unique_id "wK49MEVIheIAAAF85nQAAAAd"]
-----------

How do i whitelist a range of IP or domain in mod_security?

Thanks.

__________________
MamboServe.com - Mambo / Joomla Premiere Hosting (for all cms, blogs, forums)



Sponsored Links
  #2  
Old
Junior Guru Wannabe
 
Join Date: Sep 2008
Location: Bangalore
Posts: 77
My best solution is you just disable mod_security locally for this account alone using .htaccess file.

Just add the below in to it.

SecFilterEngine Off
SecAuditEngine Off

  #3  
Old
Security Ninja
 
Join Date: Mar 2003
Location: Canada
Posts: 8,750
If you're using mod_security v2, you can whitelist your website by adding the following entry to the mod_security configuration file:

SecRule SERVER_NAME "website.com" phase:1,nolog,allow,ctl:ruleEngine=off

__________________
Patrick William | RACK911 Labs | Software Security Auditing
300+ Vulnerabilities Found - Get a Quote @ http://www.RACK911Labs.com

www.HostingSecList.com - Security notices for the hosting community.

Sponsored Links
  #4  
Old
WHT Addict
 
Join Date: Oct 2005
Posts: 130
sabarishks, That is your best solution? You probably don't own a server. There's no point for me installing mod_secutiry if i'm just gonna disable it in some accounts. Specially, that's the account that always get hacked.

Pat, thank for your help.

__________________
MamboServe.com - Mambo / Joomla Premiere Hosting (for all cms, blogs, forums)


Last edited by Joomla; 09-23-2008 at 04:43 PM.
  #5  
Old
<insert something witty>
 
Join Date: Apr 2000
Location: California
Posts: 3,051
I wouldn't disable it for a site, though you can for some good reasons, and you should whitelist, maybe any spiders/bots by checking the USER_AGENT env var, which would make it easier. Exactly what is it flagging though? It looks like it was denying access to index.php, and regardless of it being a spider or not, this probably shouldn't be happening. If it's blocking a search engine spider, it might be blocking legitimate, normal users as well. What was in the body, "on line"?

  #6  
Old
WHT Addict
 
Join Date: Oct 2005
Posts: 130
I got the rules from gotroot.com. I think their rules is a bit more restrictive. I've been trying to analyze the logs and I find a couple of false positives.

Do you have any example rules so I can quickly whitelist the spiders. It's just sometimes, mod_security syntax is sometimes difficult to follow.

__________________
MamboServe.com - Mambo / Joomla Premiere Hosting (for all cms, blogs, forums)

Reply

Related posts from TheWhir.com
Title Type Date Posted
Gartner: 75 Percent of Mobile Security Breaches through 2017 Result of App Misconfigurations Web Hosting News 2014-09-16 12:30:59
Bluebox Security Closes $18M Series B Funding Round Web Hosting News 2014-01-20 14:04:43
Trustwave Acquires Data Security Provider Application Security Inc. Web Hosting News 2013-11-11 12:49:52
Sophos Launches Cloud-Based Managed Security Service Web Hosting News 2013-10-29 17:53:59
WHMCS Security Issue Allows for Information Disclosure Web Hosting News 2013-10-25 09:30:46


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
WHT Host Brief Email:

We respect your privacy. We will never sell, rent, or give away your address to any outside party, ever.

Advertisement:
Web Hosting News:
WHT Membership
WHT Membership



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?