Wednesday, September 23, 2009

Mod_Security whitelist ip

SkyHi @ Wednesday, September 23, 2009
Mod_security white list:

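You can also add a whitelist to this module by adding the following lines to modsecurity_crs_10_config.conf. The rule matches the client address in phase 1, allows the request, and turns the rule engine off for that transaction, so no other rule inspects requests from that address: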

#Whitelist Apache logs

SecRule REMOTE_ADDR "^192\.2\.1\.1$" "phase:1,nolog,allow,ctl:ruleEngine=Off"
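
Why the anchors and escaped dots in that pattern matter, shown as an added example that is not part of the original post: ModSecurity's regular-expression operator is an unanchored search, so a looser pattern also whitelists neighbouring addresses. The probe addresses, the `audit_whitelist` helper and the use of Python's `re` module in place of PCRE are assumptions of this sketch.

```python
import re

# Constructed sample: the whitelist rule in its two-argument form, two
# loosened variants, and a run-together form with unquoted actions.
SAMPLE_CONF = r'''
SecRule REMOTE_ADDR "^192\.2\.1\.1$" "phase:1,nolog,allow,ctl:ruleEngine=Off"
SecRule REMOTE_ADDR "^192\.2\.1\.1" "phase:1,nolog,allow,ctl:ruleEngine=Off"
SecRule REMOTE_ADDR "192.2.1.1" "phase:1,nolog,allow,ctl:ruleEngine=Off"
SecRule REMOTE_ADDR "^192\.2\.1\.1$"phase:1,nolog,allow,ctl:ruleEngine=Off
'''

INTENDED = "192.2.1.1"
# Constructed neighbouring addresses that must NOT be whitelisted.
PROBES = ["192.2.1.10", "192.2.1.199", "192.2.111.5", "192.241.1.7"]

# Operator and action list as two separate double-quoted arguments.
RULE = re.compile(r'^SecRule\s+REMOTE_ADDR\s+"([^"]+)"\s+"([^"]+)"$')


def audit_whitelist(conf, intended=INTENDED, probes=PROBES):
    """Return (line_number, pattern, problem) for each risky whitelist rule."""
    findings = []
    for n, line in enumerate(conf.splitlines(), 1):
        line = line.strip()
        if not line.startswith("SecRule REMOTE_ADDR"):
            continue
        m = RULE.match(line)
        if m is None:
            findings.append(
                (n, None, "operator and actions are not two quoted arguments"))
            continue
        pattern, actions = m.groups()
        if "allow" not in actions.split(","):
            continue  # not a whitelist rule
        rx = re.compile(pattern)  # assumption: Python re stands in for PCRE
        if not rx.search(intended):
            findings.append((n, pattern, "does not match the intended address"))
        extra = [ip for ip in probes if rx.search(ip)]
        if extra:
            findings.append((n, pattern, "also matches " + ", ".join(extra)))
    return findings


if __name__ == "__main__":
    for n, pattern, problem in audit_whitelist(SAMPLE_CONF):
        print(f"line {n}: {pattern!r}: {problem}")
```

Only the fully anchored, dot-escaped rule passes without a finding; dropping the `$` admits 192.2.1.10 and 192.2.1.199, and the unescaped pattern additionally admits 192.2.111.5 and 192.241.1.7.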


You can increase SecResponseBodyLimit if you get a message like:

"ModSecurity: Output filter: Response body too large (over limit of 524288, total not specified)".

Open the modsecurity_crs_10_config.conf file and, on the last line shown below, change the "524288" value to "2097152":

SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 2097152



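Change 524288 to a larger value, or set the 'SecResponseBodyAccess' option to Off, then save the file and restart Apache. With SecResponseBodyAccess Off, ModSecurity no longer buffers response bodies, so rules that examine the response body have nothing to inspect.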

apachectl restart


# cat modsecurity_crs_10_config.conf

# Set web server identification string
# TODO In case you use Apache, you may want specify a simple server signature
# instead of the detailed Apache default signature that list most modules
# used on the specific Apache deployment:
# "Apache/2.2.0 (Fedora)"
# For this directive to work, you need to set Apache ServerTokens
# to Full (this is the default option)
#SecServerSignature "Apache/2.2.0 (Fedora)"

vi /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf
SecRequestBodyAccess On
#SecResponseBodyAccess Off
SecResponseBodyLimit 2097152