i am detecting this kind of errors in my server error log:
[Tue Aug 12 17:12:47 2014] [error] [client 180.76.5.21] ModSecurity: ipMatch Internal Error: Invalid ip address. [hostname "www.mydomain.com"] [uri "/automocion/eventos/tag/Jetta.feed"] [unique_id "U@ou7iW7gz4AACrnhMUAAAAi"]
This ip is a legitimate Baidu ip.
I also try to deactivate a rule using ipMatch and don't work at all y receive same error on server error log and don't deactivate de rule
SecRule REMOTE_HOST "@ipmatch 172.28.3.0/24" \
"id:12345,phase:2,t:none,pass,nolog,noauditlog,ctl:ruleRemovebyID=303802"
Apparently ipMatch is not working correctly in my server. I am using Centos 6.5 with plesk 12 and Atomic rules, which may be the problem?
ipMatch errors
-
- New Forum User
- Posts: 2
- Joined: Wed Aug 06, 2014 10:58 am
- Location: España
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: ipMatch errors
Thank you for the question. Parallels has installed a known buggy version of modsecurity which is why you are getting this error:
https://www.atomicorp.com/wiki/index.ph ... cification
This was reporting to Parallels several months ago, but they havent released a fix yet. Never fear though, we already have a solution for this. Just follow this process:
https://www.atomicorp.com/wiki/index.ph ... _add_entry
If you have any issues with this process, please let know we'd be happy to do this for you. Just shoot an email to support.
https://www.atomicorp.com/wiki/index.ph ... cification
This was reporting to Parallels several months ago, but they havent released a fix yet. Never fear though, we already have a solution for this. Just follow this process:
https://www.atomicorp.com/wiki/index.ph ... _add_entry
If you have any issues with this process, please let know we'd be happy to do this for you. Just shoot an email to support.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
-
- New Forum User
- Posts: 2
- Joined: Wed Aug 06, 2014 10:58 am
- Location: España
Re: ipMatch errors
Thanks Michael, I do the process without problems and only have 2 little questions, with this change plesk maintain it configuration rules and update de rules correctly from atomic? If plesk automatically update the system will destroy this change?
Thanks
Aitor
Thanks
Aitor
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: ipMatch errors
I just added in logic to not let any ipmatch rules load on 2.8.0 systems (they get skipped). Parallels still hasnt fixed this bug, so rather than keep asking them we just made it so the ipmatch rules are skipped on the broken 2.8.0 systems. As soon as parallels fixes their bugs, those rules will automatically work again.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone