Hi -
I'm wondering if whitelisting netblocks works? I tried it, and my IP
was still blocked after reloading. It's blocking me for using
phpMyAdmin. Am I doing this wrong (example beow).
Thanks!
Beth
<global>
<white_list>127.0.0.1</white_list>
<white_list>^localhost.localdomain$</white_list>
<white_list>192.168.0.0/24</white_list>
</global>
OSSEC HIDS Notification.
2009 Mar 20 11:45:22
Received From: webhost-3->/var/log/httpd/access_log
Rule: 31106 fired (level 12) -> "A web attack returned code 200
(success)."
Portion of the log(s):
192.168.0.229 - root [20/Mar/2009:11:45:22 -0400] "GET /MyAdmin/
querywindow.php?sql_query=SELECT+%2A+FROM+%60jos_comprofiler
%60&lang=en-
iso-8859-1&server=1&db=kidsstuff_data&table=jos_comprofiler HTTP/1.1"
200 3068 "http://111.111.111.111/MyAdmin/sql.php"; "Mozilla/5.0
(Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/525.18.1
(KHTML, like Gecko) Version/3.1.2 Safari/525.20.1
