Since I upgraded my ruleset to the latest and greatest, my custom ruleset (modsecurity_crs_15_customconfig.conf) to whitelist my internal hosts insn't working. Here are the rules:
SecRule REMOTE_ADDR "127\.0\.0\.1" "allow, nolog" SecRule REMOTE_ADDR "^192\.168\.100\." phase:1,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off SecRule REMOTE_ADDR "^192\.168\.1\." phase:1,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off SecRule REMOTE_ADDR "^192\.168\.101\." phase:1,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off One of my internal host running nagios is now triggering a rule (Access denied with code 403 (phase 1). Pattern match "^(.*)$" at REQUEST_HEADERS:User-Agent). What do I need to do to fix this? Thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
