ModSec – White listing

Jan25
by Ike on January 25, 2012 at 12:25 am
Posted In: How to, ModSecurity, One Liners

Whitelist A Rule in Mod Security

 

# Find Modsec Errors

cat /usr/local/apache/logs/error_logs | grep -i modsec

# Check the domain logs if you don’t see it in the apache logs

cat /usr/local/apache/domlogs/$DOMAIN | grep -i modsec

# Add this at the end of either line to search by IP

| grep ipa.dd.re.ss

# Once you find the id [“ID:300016″] and the URI [URI”/wp-admin/themes/]”

vim /usr/local/apache/conf/modsec2/whitelist.conf

# Add the whitelisting code below to white list by ID

<LocationMatch “$URI”>

SecRuleRemoveById $IDNUMBER, $IDNUMER2

</LocationMatch>

# Whitelist By IP Replace 111 222 333 444 with the IP

SecRule REMOTE_ADDR "^111\.222\.333\.444" phase:1,nolog,allow,ctl:ruleEngine=off

#RESTART APACHE

/etc/init.d/httpd restart

└ Tags: , ,