modsecurity whitelist ip range

ubuntu apache2 googlebot mod-security mod-security2
12,847

Solution 1

I am using Ubuntu but the result may be the same

SecRule REMOTE_ADDR "@ipMatch 66.249.0.0/16" "id:26091975,phase:2,pass,nolog,allow,ctl:ruleEngine=Off"

It is working very well in my servers. If you want to take logs just get rid off nolog command in the sentence. You may change the mask in order to be more precise but it depends on you.

Be aware of using the correct phase. In my case is phase 2.

To be more confident just read: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#ipMatch

They prefer @ipMatch operator rather than regexp. Follow @ModSecurity at Twitter

Solution 2

This works with mod_security >=2.8

SecRule REMOTE_ADDR "@ipMatch 192.168.1.100,192.168.1.50,10.10.50.0/24" phase:1,nolog,allow,ctl:ruleEngine=Off

Solution 3

This one should work; allows all IPs starting with 66.249.64.

SecRule REMOTE_ADDR "^66\.249\.64" "phase:1,nolog,allow"

Solution 4

If you are under a load balancer use:

SecRule REQUEST_HEADERS:X-Forwarded-For "@Contains 37.161.74.122" phase:1,nolog,allow,pass,ctl:ruleEngine=off,id:1
Share:
12,847
user2431427
Author by

user2431427

Updated on June 29, 2022

Comments

  • user2431427
    user2431427 almost 2 years

    I'm trying to whitelist a range of ips (Googlebots) on modsecurity on an Ubuntu 12.04 server. For example, here's a range that I need to whitelist:

    66.249.64.0/19

    I've tried several ways as suggested by others, but only single ips are being blocked, when i try as a range, the whitelist is ignored. I've added the rule to the /usr/share/modsecurity-crs/modsecurity_crs_10_config.conf in a new section at the bottom of the file.

    This works:

    SecRule REMOTE_ADDR "^66.249.65.3" phase:1,nolog,allow,ctl:ruleEngine=Off

    These Don't work:

    SecRule REMOTE_ADDR "^66.249.64.0/19" phase:1,nolog,allow,ctl:ruleEngine=off

    SecRule REMOTE_ADDR "@ipMatch 66.249.64.0/19" "phase:1,nolog,allow"

    SecRule REMOTE_ADDR "^66.249.64\0/19$" phase:1,nolog,allow,ctl:ruleEngine=Off

    I"ve seen several different syntaxes suggested, but none seem to work for my installation. Does the version of mod-security matter? any suggestions? TIA

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Apache2 installation : libaprutil-1.so.0 => not found
Apache2 service won't start in Ubuntu 15.10
There are processes named 'apache2' running
Updated Apache from 2.2 to 2.4 and now my sub domains are broken
What steps are required to enable SSL on Apache2 with Ubuntu?
How to enable use of .htaccess in Apache on Ubuntu?
Apache www permissions for php script
How to Disable ModSecurity without any Errors
sudo yum install apache2 on amazon linux fails
What is a good way to detect DoS and DDoS in Fail2Ban?