0

I'm trying to nolog for a particular IP 10.68.***.96 and 127.0.0.1 address but it seem not working...

I already tried the following configurations (I know that some of them are depreciated but it's for the test):

SecRule REMOTE_ADDR "@ipMatch 10.68.***.96,127.0.0.1" "id:1,phase:1,nolog,deny"
SecRule REMOTE_ADDR "@ipMatch 10.68.***.96,127.0.0.1" "phase:1,nolog,deny,id:2"

SecRule REMOTE_ADDR "@ipMatch 10.68.***.96" phase:1,t:none,nolog,deny,id:3
SecRule REMOTE_ADDR "^10.68.***.96" "phase:1,nolog,deny,id:'4'"

SecRule REMOTE_ADDR "@ipMatch 127.0.0.1" phase:1,id:'5',nolog,deny,ctl:ruleEngine=Off,ctl:auditEngine=Off
SecRule REMOTE_ADDR "@ipMatch 10.68.***.96" phase:1,id:'6',nolog,deny,ctl:ruleEngine=Off,ctl:auditEngine=Off

Your help is welcome, and I searched a lot before asking you here.

Thanks in advance.

Raphaël D
  • 1
  • 4
  • You cannot use wildcards using @ipMatch. Also would be good to turn on AuditLog and/or DebugLog and see if that explains why it doesn't match. – Barry Pollard Dec 11 '16 at 15:15

1 Answers1

-1

Try this 

SecRule REMOTE_ADDR "@ipMatch 192.168.1.100,192.168.1.50,10.10.50.0/24" "id:162"
I say Reinstate Monica
  • 3,100
  • 7
  • 23
  • 51
Jamsheer Kandoth
  • 1
  • 1
  • 2
    Welcome to Server Fault. For the benefit of those less familiar with this command, your answer could be improved by providing some explanation of how this works. – I say Reinstate Monica May 18 '17 at 12:06