
I'm trying to add Google's IP range to the whitelist for ModSecurity.

I use cPanel + Apache 2.4 + ModSecurity 2.9.0 + OWASP rules.

On several posts I see this conf:

SecRule REMOTE_ADDR "@ipMatch XX.XX.XX.XX,66.249.64.0/19" "phase:1,nolog,allow,ctl:ruleEngine=Off"

But it fails. It only works if I add a rule id:

SecRule REMOTE_ADDR "@ipMatch XX.XX.XX.XX,66.249.64.0/19" "phase:1,id:'981033',t:none,nolog,pass,ctl:ruleEngine=Off"
abkrim

1 Answer


IDs became mandatory in ModSecurity 2.7: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#id

So I'm guessing the posts you picked this up from predate this.

Note that you should use an id in the range 1-99,999 and not 981033, which is reserved for the OWASP CRS rules.

Barry Pollard
  • Only one question. Curious. The example file created by OWASP ModSecurity shows these rules. But if I activate the example file, I get an error: http://goo.gl/UEyU8q I'm lost – abkrim Aug 22 '16 at 04:31
  • What error do you get? – Barry Pollard Aug 22 '16 at 05:28
  • On the link I get the rules and show the error – abkrim Aug 22 '16 at 06:17
  • Missed that. So the error is "Found another rule with same id". And I've already told you in my answer not to use id 981033 because it's reserved and so will already be used if you use the OWASP CRS. So just change the id of the rule you created to an id less than 100,000. – Barry Pollard Aug 22 '16 at 06:22
  • Have you read the content of the file? This file was created by OWASP, and it contains examples (commented) for using the file. The file is for HOLDING LOCAL EXCEPTIONS and needs the ID of the rule you want to short-circuit and allow. Read more of the lines marked #EXAMPLE... and the original example has OWASP rule ID 981033. Why would OWASP put an example with OWASP rule IDs? – abkrim Aug 22 '16 at 07:36
  • Excuse me. After searching for the string 981033 in the example, I see that this string is not in use for OWASP rules. I don't understand the way to deactivate a rule and an IP... desperate. A lot of thanks, and please accept my apologies. – abkrim Aug 22 '16 at 07:55
  • Are you running both old (v2.9.0) and new (v3.0.0) rules on your server? If so that might explain the issue. Also it's worth upgrading to the latest release candidate version of your rules (v3.0.0-rc2), as it looks like you have installed the dev version and the files have been reorganised quite a bit since then. – Barry Pollard Aug 22 '16 at 07:56
  • A lot of thanks. I didn't understand well.... I need to put an internal rule between 1-99,999 to whitelist the IP. The rule is not a rule for excluding, it is a new rule id. Thanks, now it works fine – abkrim Aug 22 '16 at 07:59
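The answer above turns on three properties of a ModSecurity 2.x rule id: it is mandatory since 2.7, it must be unique across every loaded rule set, and a rule kept in a local exceptions file should sit in 1-99,999 rather than in 900,000-999,999, which the reference manual reserves for the OWASP Core Rule Set. The following linter is an added example, not code from the question, the answer, ModSecurity or the CRS. It parses the constructed sample configuration embedded below (the `66.249.64.0/19` range and id `981033` come from the question; the local id `1001` and the set of "already loaded" CRS ids are assumptions chosen for the example) and reports each of the three problems, including the "Found another rule with same id" collision the asker hit.

```python
"""Lint a ModSecurity 2.x rule file for id: problems (added example).

Reports:
  * SecRule/SecAction lines with no id: action (mandatory since ModSecurity 2.7)
  * ids that collide with an earlier rule in the file or with an already
    loaded rule set (what produces "Found another rule with same id")
  * ids outside 1-99,999 (local use) or inside 900,000-999,999 (OWASP CRS)
"""
from __future__ import annotations

import re
from dataclasses import dataclass

LOCAL_RANGE = range(1, 100_000)          # reserved for local/internal rules
CRS_RANGE = range(900_000, 1_000_000)    # reserved for the OWASP Core Rule Set

_DIRECTIVE = re.compile(r'^\s*(SecRule|SecAction)\b', re.IGNORECASE)
_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')          # one double-quoted argument
_ID = re.compile(r"(?:^|,)\s*id:'?(\d+)'?", re.IGNORECASE)  # id:1001 or id:'1001'


@dataclass
class Finding:
    line: int            # first physical line of the offending directive
    rule_id: int | None
    message: str


def _logical_lines(text: str):
    """Yield (first_line_number, text) with backslash continuations merged."""
    buf, start = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            buf.append(stripped[:-1])
            continue
        buf.append(stripped)
        yield start, " ".join(buf)
        buf, start = [], None
    if buf:
        yield start, " ".join(buf)


def extract_id(directive: str) -> int | None:
    """Return the id: of a SecRule/SecAction, or None when it has none.

    The actions are always the last double-quoted argument (third for
    SecRule, first for SecAction), so the id is searched for only there.
    """
    quoted = _QUOTED.findall(directive)
    if not quoted:
        return None
    m = _ID.search(quoted[-1])
    return int(m.group(1)) if m else None


def lint(config_text: str, already_loaded: frozenset[int] = frozenset()) -> list[Finding]:
    """Check every SecRule/SecAction in config_text; already_loaded holds ids
    claimed by rule sets included before this file (e.g. the CRS)."""
    findings: list[Finding] = []
    seen: dict[int, int] = {}
    for lineno, directive in _logical_lines(config_text):
        if not _DIRECTIVE.match(directive):
            continue
        rid = extract_id(directive)
        if rid is None:
            findings.append(Finding(lineno, None, "missing id: action (mandatory since ModSecurity 2.7)"))
            continue
        if rid in already_loaded:
            findings.append(Finding(lineno, rid, "duplicate id: already used by a previously loaded rule set"))
        elif rid in seen:
            findings.append(Finding(lineno, rid, f"duplicate id: first used on line {seen[rid]} of this file"))
        else:
            seen[rid] = lineno
        if rid in CRS_RANGE:
            findings.append(Finding(lineno, rid, "id in 900,000-999,999, which is reserved for the OWASP CRS"))
        elif rid not in LOCAL_RANGE:
            findings.append(Finding(lineno, rid, "id outside 1-99,999, the range reserved for local rules"))
    return findings


# Constructed sample modelled on the rules quoted in the question.
SAMPLE_CONF = """\
# Google crawler whitelist, three attempts
# 1) the version copied from older posts: no id at all
SecRule REMOTE_ADDR "@ipMatch 66.249.64.0/19" "phase:1,nolog,allow,ctl:ruleEngine=Off"
# 2) the asker's version: works alone, collides once the CRS is loaded
SecRule REMOTE_ADDR "@ipMatch 66.249.64.0/19" "phase:1,id:'981033',t:none,nolog,pass,ctl:ruleEngine=Off"
# 3) the fix: an id in the local range (1001 is an arbitrary choice)
SecRule REMOTE_ADDR "@ipMatch 66.249.64.0/19" \\
    "phase:1,id:1001,t:none,nolog,pass,ctl:ruleEngine=Off"
"""

# Stand-in for the ids the CRS has already registered (assumption for the example).
CRS_LOADED_IDS = frozenset({981033})

if __name__ == "__main__":
    for f in lint(SAMPLE_CONF, CRS_LOADED_IDS):
        print(f"line {f.line}: id={f.rule_id}: {f.message}")
```

Run against a real local exceptions file, the interesting call is `lint(open(path).read(), ids_from_crs)`; the ids already claimed by the CRS can be collected by running `extract_id` over the CRS files that Apache includes before the local file, which is exactly the order in which ModSecurity itself detects the duplicate.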