modsecurity whitelist ip range
I'm trying to whitelist a range of ips (Googlebots) on modsecurity on an Ubuntu 12.04 server. For example, here's a range that I need to whitelist:
66.249.64.0/19
I've tried several ways as suggested by others, but only single ips are being blocked, when i try as a range, the whitelist is ignored. I've added the rule to the /usr/share/modsecurity-crs/modsecurity_crs_10_config.conf in a new section at the bottom of the file.
This works:
SecRule REMOTE_ADDR "^66.249.65.3" phase:1,nolog,allow,ctl:ruleEngine=Off
These Don't work:
SecRule REMOTE_ADDR "^66.249.64.0/19" phase:1,nolog,allow,ctl:ruleEngine=off
SecRule REMOTE_ADDR "@ipMatch 66.249.64.0/19" "phase:1,nolog,allow"
SecRule REMOTE_ADDR "^66.249.64\0/19$" phase:1,nolog,allow,ctl:ruleEngine=Off
I"ve seen several different syntaxes suggested, but none seem to work for my installation. Does the version of mod-security matter? any suggestions? TIA
Answer
I am using Ubuntu but the result may be the same
SecRule REMOTE_ADDR "@ipMatch 66.249.0.0/16" "id:26091975,phase:2,pass,nolog,allow,ctl:ruleEngine=Off"
It is working very well in my servers. If you want to take logs just get rid off nolog command in the sentence. You may change the mask in order to be more precise but it depends on you.
Be aware of using the correct phase. In my case is phase 2.
To be more confident just read: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#ipMatch
They prefer @ipMatch operator rather than regexp. Follow @ModSecurity at Twitter