Atomicorp

i am detecting this kind of errors in my server error log:
[Tue Aug 12 17:12:47 2014] [error] [client 180.76.5.21] ModSecurity: ipMatch Internal Error: Invalid ip address. [hostname "www.mydomain.com"] [uri "/automocion/eventos/tag/Jetta.feed"] [unique_id "U@ou7iW7gz4AACrnhMUAAAAi"]
This ip is a legitimate Baidu ip.

I also try to deactivate a rule using ipMatch and don't work at all y receive same error on server error log and don't deactivate de rule

SecRule REMOTE_HOST "@ipmatch 172.28.3.0/24" \
"id:12345,phase:2,t:none,pass,nolog,noauditlog,ctl:ruleRemovebyID=303802"

Apparently ipMatch is not working correctly in my server. I am using Centos 6.5 with plesk 12 and Atomic rules, which may be the problem?

Thank you for the question. Parallels has installed a known buggy version of modsecurity which is why you are getting this error:

https://www.atomicorp.com/wiki/index.ph ... cification

This was reporting to Parallels several months ago, but they havent released a fix yet. Never fear though, we already have a solution for this. Just follow this process:

https://www.atomicorp.com/wiki/index.ph ... _add_entry

If you have any issues with this process, please let know we'd be happy to do this for you. Just shoot an email to support.

Thanks Michael, I do the process without problems and only have 2 little questions, with this change plesk maintain it configuration rules and update de rules correctly from atomic? If plesk automatically update the system will destroy this change?

Thanks

Aitor

I just added in logic to not let any ipmatch rules load on 2.8.0 systems (they get skipped). Parallels still hasnt fixed this bug, so rather than keep asking them we just made it so the ipmatch rules are skipped on the broken 2.8.0 systems. As soon as parallels fixes their bugs, those rules will automatically work again.