ModSecurity whitelist issue

ModSecurity issue.

I was able to whitelist the pattern match for a domain with a rule ID, or whitelist the domain completely, using either of the following added to /usr/local/apache/conf/whitelist.conf:

SecRule SERVER_NAME "" phase:1,nolog,allow,ctl:ruleRemoveById=600161

SecRule SERVER_NAME "" phase:1,nolog,allow,ctl:ruleEngine=off

Nowadays, if restarting httpd after adding either of these gives an error like the following,

Syntax error on line 12 of /usr/local/apache/conf/whitelist.conf:
ModSecurity: No action id present within the rule

you need to add an id: action to the rule, like this:

SecRule SERVER_NAME "" phase:1,nolog,allow,id:445000,ctl:ruleEngine=off
This whitelists the domain completely in ModSecurity.

SecRule SERVER_NAME "" phase:1,nolog,allow,id:445000,ctl:ruleRemoveById=600161
This whitelists the domain for a specific rule ID only, here 600161.

instead of

SecRule SERVER_NAME "" phase:1,nolog,allow,ctl:ruleEngine=off

or

SecRule SERVER_NAME "" phase:1,nolog,allow,ctl:ruleRemoveById=600161

You can refer to the details at

You can use the ID range 440,000-599,999, which is unreserved.

You can get the details on IDs at

If the ID is already used by another rule, you need to change it to a new, unused one; otherwise ModSecurity, and with it Apache, will not start.
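As an added example (not from the original post), here is a small POSIX shell lint you can run over whitelist.conf before restarting httpd. It flags the two defects the post describes as stopping Apache: a SecRule or SecAction with no id: action, and an id that is used twice in the file. The file path, the example.com domain and the sample rules are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: lint a ModSecurity whitelist file
# before restarting httpd. Two defects make ModSecurity (and Apache) refuse to
# start: a SecRule/SecAction without an id: action, and an id used twice.
# The file path, the example.com domain and the rules below are constructed.

# Write a constructed whitelist.conf into the path given as $1.
write_sample_whitelist() {
    cat > "$1" <<'EOF'
# old syntax: no id action, rejected with "No action id present within the rule"
SecRule SERVER_NAME "@streq example.com" "phase:1,nolog,allow,ctl:ruleRemoveById=600161"
# corrected syntax: id taken from the unreserved range
SecRule SERVER_NAME "@streq example.com" "phase:1,nolog,allow,id:445000,ctl:ruleEngine=off"
# reuses an id that is already taken in this file
SecRule SERVER_NAME "@streq example.com" "phase:1,nolog,allow,id:445000,ctl:ruleRemoveById=600161"
EOF
}

# Report every rule without an id: and every duplicated id, one finding per
# line as "line N: ...". Returns 0 only if the file has no findings.
lint_whitelist() {
    file="$1"
    lineno=0
    seen=""
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        # Only SecRule and SecAction directives carry an id; skip everything else.
        case "$line" in
            SecRule*|SecAction*) ;;
            *) continue ;;
        esac
        # Pull the numeric id out of the action list (it follows a comma, quote or space).
        id=$(printf '%s\n' "$line" | sed -n 's/.*[," ]id:\([0-9][0-9]*\).*/\1/p')
        if [ -z "$id" ]; then
            printf 'line %d: no id: action present (mandatory in ModSecurity 2.7 and later)\n' "$lineno"
            rc=1
            continue
        fi
        # Track ids seen so far as a space-separated list and refuse repeats.
        case " $seen " in
            *" $id "*)
                printf 'line %d: id %s already used in this file\n' "$lineno" "$id"
                rc=1 ;;
            *) seen="$seen $id" ;;
        esac
    done < "$file"
    return "$rc"
}

# Demo: write the constructed sample and lint it; expect findings on lines 2 and 6.
demo_file=$(mktemp)
write_sample_whitelist "$demo_file"
lint_whitelist "$demo_file" || echo "fix the findings above before restarting httpd"
rm -f "$demo_file"
```

Run it as `sh lint-whitelist.sh` and point `lint_whitelist` at your real whitelist.conf; a clean file produces no output and a zero exit status, so it can sit in front of the `service httpd restart` step in a deployment script.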

Thank you.

