Hi Folks, I was wondering what the best method for white-listing an IP is? In this case, I need to allow PayPal's IPN to be exempt.
At http://permalink.gmane.org/gmane.comp.apache.mod-security.user/8735 I see a couple of methods mentioned: SecRule REMOTE_ADDR "@streq 127.0.0.1" "phase:1,t:none,nolog,pass" > SecRule REMOTE_ADDE "@streq 192.168.10.1" > "phase:1,ctl:ruleEngine=Off,msg:'Turning off rule-engine for IP > %{REMOTE_ADDR}'" Is using "pass" better than "ctl:ruleEngine=Off". I also see "allow" being used at http://serversitters.com/mod-security-whitelist-ip.html Thanks! Best, Matt Thomas Founder betweenbrain <http://betweenbrain.com/>™ Lead Developer Construct Template Development Framework<http://construct-framework.com/> Phone: 203.632.9322 Twitter: @betweenbrain Github: https://github.com/betweenbrain
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
