ipMatch errors

Customer support forums for the modsecurity rules feed. There is no such thing as a bad question here as long as it pertains to using the real time modsecurity rules feed. Newbies feel free to get help getting started or asking questions that may be obvious.
dancespain
New Forum User
New Forum User
Posts: 2
Joined: Wed Aug 06, 2014 10:58 am
Location: España

ipMatch errors

Unread post by dancespain »

i am detecting this kind of errors in my server error log:
[Tue Aug 12 17:12:47 2014] [error] [client 180.76.5.21] ModSecurity: ipMatch Internal Error: Invalid ip address. [hostname "www.mydomain.com"] [uri "/automocion/eventos/tag/Jetta.feed"] [unique_id "U@ou7iW7gz4AACrnhMUAAAAi"]
This ip is a legitimate Baidu ip.

I also try to deactivate a rule using ipMatch and don't work at all y receive same error on server error log and don't deactivate de rule

SecRule REMOTE_HOST "@ipmatch 172.28.3.0/24" \
"id:12345,phase:2,t:none,pass,nolog,noauditlog,ctl:ruleRemovebyID=303802"

Apparently ipMatch is not working correctly in my server. I am using Centos 6.5 with plesk 12 and Atomic rules, which may be the problem?
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4120
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: ipMatch errors

Unread post by mikeshinn »

Thank you for the question. Parallels has installed a known buggy version of modsecurity which is why you are getting this error:

https://www.atomicorp.com/wiki/index.ph ... cification

This was reporting to Parallels several months ago, but they havent released a fix yet. Never fear though, we already have a solution for this. Just follow this process:

https://www.atomicorp.com/wiki/index.ph ... _add_entry

If you have any issues with this process, please let know we'd be happy to do this for you. Just shoot an email to support.
dancespain
New Forum User
New Forum User
Posts: 2
Joined: Wed Aug 06, 2014 10:58 am
Location: España

Re: ipMatch errors

Unread post by dancespain »

Thanks Michael, I do the process without problems and only have 2 little questions, with this change plesk maintain it configuration rules and update de rules correctly from atomic? If plesk automatically update the system will destroy this change?

Thanks

Aitor
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4120
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: ipMatch errors

Unread post by mikeshinn »

I just added in logic to not let any ipmatch rules load on 2.8.0 systems (they get skipped). Parallels still hasnt fixed this bug, so rather than keep asking them we just made it so the ipmatch rules are skipped on the broken 2.8.0 systems. As soon as parallels fixes their bugs, those rules will automatically work again.
Post Reply