
Whitelisting a domain against a ModSecurity block






Add the line below to /usr/local/apache/conf/whitelist.conf. It switches the ModSecurity rule engine off for requests whose server name matches this host:
SecRule SERVER_NAME "contestant.theiifymchallenge.com.au" phase:1,nolog,allow,id:445023,ctl:ruleEngine=off

Give the rule an alternate "id" if 445023 is already taken; every ModSecurity rule id must be unique.

Check that /usr/local/apache/conf/modsec2.conf contains the Include line below:
Include "/usr/local/apache/conf/whitelist.conf"

Run httpd -t to check for syntax errors; if there are none, proceed with the Apache restart.
Restart httpd.
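
The two manual checks in this procedure (a unique rule id, and the Include line in modsec2.conf) can be scripted and run before httpd -t. This is an added example, not part of the original post; the function names count_rule_id, has_include and precheck are hypothetical, and all file paths are passed in as arguments.

```shell
#!/bin/sh
# Added example: pre-flight checks before "httpd -t" and the restart.
# Function names are hypothetical; file paths are passed in as arguments.

# count_rule_id ID FILE... : print how many uncommented lines carry id:ID.
count_rule_id() {
    _id=$1; shift
    # Matches id:445023 and id:'445023' but not id:4450231.
    cat "$@" 2>/dev/null | grep -v '^[[:space:]]*#' \
        | grep -Ec "(^|[,\"'[:space:]])id:'?${_id}'?([,\"'[:space:]]|\$)" || true
}

# has_include MAIN_CONF PATH : succeed if MAIN_CONF has an uncommented
# Include (or IncludeOptional) line naming PATH.
has_include() {
    grep -v '^[[:space:]]*#' "$1" | grep -Ei '^[[:space:]]*Include' \
        | grep -Fq -- "$2"
}

# precheck ID WHITELIST MAIN_CONF [OTHER_RULE_FILES...]
# Returns 0 only if ID is used exactly once and WHITELIST is included.
precheck() {
    id=$1; whitelist=$2; main=$3; shift 3
    rc=0
    n=$(count_rule_id "$id" "$whitelist" "$main" "$@")
    if [ "$n" -ne 1 ]; then
        echo "id:$id appears $n times (expected 1); give the rule an alternate id"
        rc=1
    fi
    if ! has_include "$main" "$whitelist"; then
        echo "no Include line for $whitelist in $main"
        rc=1
    fi
    return $rc
}

# On the server from this post:
#   precheck 445023 /usr/local/apache/conf/whitelist.conf \
#       /usr/local/apache/conf/modsec2.conf && httpd -t
```

Pass any other rule files loaded by Apache as extra arguments so an id collision outside whitelist.conf is also caught.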
