Whitelist for IP range on ModSecurity 2.9 & Apache 2.4.3

apache-2.4cpanelmod-security

I'm try to add Google Ip range on white list for Mod Security

I use Cpanel+Apache 2.4+ModSecurity 2.9.0+OWASP Rules

On several post i se this conf

SecRule REMOTE_ADDR "@ipMatch XX.XX.XX.XX,66.249.64.0/19" "phase:1,nolog,allow,ctl:ruleEngine=Off"

But fail Only work if add a id:rule

SecRule REMOTE_ADDR "@ipMatch XX.XX.XX.XX,66.249.64.0/19" "phase:1,id:'981033',t:none,nolog,pass,ctl:ruleEngine=Off"

Best Answer

Ids became mandatory in ModSecurity 2.7: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#id

So guessing the posts you picked this up from there predate this.

Note you should use an id in the range 1-99,999 and not 981033 which is reserved for the OWASP CRS rules.

Related Solutions

Modsecurity whitelist to allow file downloads

use REQUEST_URI to build rule with regular expressions and place it at appropriate place in confuguration file/files like

SecRule REQUEST_URI ".*\.pdf$" phase:1,allow

It's not easy to explain secure way to do this in here, it depends on your architecture and the way your modsecurity is configured now.

How to Whitelist a Certain Cookie String in ModSecurity

You can use SecRuleUpdateTargetById to modify the rule

SecRuleUpdateTargetById 981231 !REQUEST_COOKIES:/^ _CERTAINSTRING/

Which would disable the rule that is causing you pain for request cookies whose name begins with _CERTAINSTRING.

Update:

The rule above needs to be placed after the rule to which it refers is defined. This is normally done by creating a file that is read after all of the CRS rules e.g. based on the location referenced in your audit log message

/usr/local/apache/conf/modsecurity_crs_61_customrules.conf

Best Answer

Related Solutions

Modsecurity whitelist to allow file downloads

How to Whitelist a Certain Cookie String in ModSecurity

Related Topic