Formatting For Whitelist?

These forums are not for questions about ModSecurity, just the cmc script itself
XLT_Frank
Junior Member
Posts: 4
Joined: 18 Sep 2013, 03:34

Formatting For Whitelist?

Post by XLT_Frank »

I am used to rules that look like this. Does modsec2.whitelist.conf just follow the same whitelisting as it is pushed into the httpd.conf?

Thanks,
Frank

Code:

<LocationMatch "/">
       # Google robot activity - Useful in some ways but noisy for sites where you want them crawled
       SecRuleRemoveById 910006
       # Request Missing an Accept Header - Allow for Google Reader
       SecRuleRemoveById 960015
</LocationMatch>

<LocationMatch "/wp-includes/">
       # Request content type is not allowed by policy - Allows for amongst other things spell check to work on admin area
       SecRuleRemoveById 960010
       # Require Content-Length to be provided with every POST request - Same as above
       SecRuleRemoveById 960012
</LocationMatch>

<LocationMatch "(/wp-admin/|/wp-login\.php)">
       # Remote File Access Attempt - This rule probably doesn't need to be disabled by everyone but it stops me putting /etc/ in posts and other such linux paths.
       SecRuleRemoveById 950005
       # Remote File Inclusion Attack - Disable to allow http:// to be passed in args
       SecRuleRemoveById 950117
</LocationMatch>

<LocationMatch "(/wp-admin/post\.php|/wp-admin/options\.php|/wp-admin/theme-editor\.php|/wp-includes/)">
       # System Command Injection - Another rule that probably doesn't need to be disabled by everyone it stops .exe and various other extensions being passed in args.
       SecRuleRemoveById 950006
</LocationMatch>

MacIntox
Junior Member
Posts: 11
Joined: 23 Nov 2011, 13:11

Re: Formatting For Whitelist?

Post by MacIntox »

That's correct.

Code:

<LocationMatch .*>
	SecRuleRemoveById YOURID
</LocationMatch>
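
A pre-deployment check for a whitelist file in the format discussed in this thread, added here as an example (it is not part of the original posts or of the cmc script). The function name `lint_whitelist` and the sample input are constructed; the check flags unbalanced quotes in a `<LocationMatch>` pattern, unclosed blocks, arguments that are not numeric rule IDs or ranges, and trailing `#` comments, which Apache does not accept on the same line as a directive.

```python
import re

# Constructed sample in the whitelist format from this thread (not a real site's file).
SAMPLE = """\
<LocationMatch "/>
    SecRuleRemoveById 910006 # noisy on sites that want crawling
</LocationMatch>
<LocationMatch "/wp-includes/">
    # whole-line comments are fine
    SecRuleRemoveById 960010 960012
    SecRuleRemoveById YOURID
"""

OPEN = re.compile(r"^<LocationMatch\s+(.*)>$", re.I)
CLOSE = re.compile(r"^</LocationMatch\s*>$", re.I)
REMOVE = re.compile(r"^SecRuleRemoveById\s+(.*)$", re.I)
ID_OR_RANGE = re.compile(r"^\d+(-\d+)?$")

def lint_whitelist(text):
    """Return a list of (line_number, message) findings for a whitelist snippet."""
    findings, open_line = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and whole-line comments need no checks
        if (m := OPEN.match(line)):
            if open_line is not None:
                findings.append((no, f"block from line {open_line} not closed"))
            if m.group(1).count('"') % 2:
                findings.append((no, "unbalanced quote in LocationMatch pattern"))
            open_line = no
        elif CLOSE.match(line):
            if open_line is None:
                findings.append((no, "closing tag without an open block"))
            open_line = None
        elif (m := REMOVE.match(line)):
            args, hash_, _ = m.group(1).partition("#")
            if hash_:
                findings.append((no, "trailing comment on directive line"))
            for tok in args.split():
                if not ID_OR_RANGE.match(tok.strip('"')):
                    findings.append((no, f"not a rule ID or range: {tok}"))
    if open_line is not None:
        findings.append((open_line, "LocationMatch block never closed"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_whitelist(SAMPLE):
        print(f"line {no}: {msg}")
```

This only catches formatting slips in the whitelist itself; `apachectl configtest` remains the authoritative check once the file has been included in the Apache configuration.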