modsecurity whitelist for pingdom servers

Pingdom provides free service to monitor status of a website. When the website is down, pingdom will send notification to a registered email. And also when the website is up again.

But if the website is protected by mod_security, pingdom will not be able to carry out it’s job. So we need to create a whitelist for pingdom’s server. First we need to go to directory where mod_security rules reside ( usually¬† in the same directory as modsecurity-crs). Copy the following lines and then

$ vi whitelist.conf

change to write mode and then paste and then save and exit. And then don’t forget to restart apache.

To make sure the ip address are valid, check here. You need to have an accout at pingdom. It’s free.

SecRule REMOTE_ADDR “^95.211.198.87” phase:1,nolog,allow,id:445000,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^95.211.87.85” phase:1,nolog,allow,id:445001,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^85.17.156.76” phase:1,nolog,allow,id:445002,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^85.17.156.11” phase:1,nolog,allow,id:445003,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^85.17.156.99” phase:1,nolog,allow,id:445004,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^95.211.217.68” phase:1,nolog,allow,id:445005,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^174.34.162.242” phase:1,nolog,allow,id:445006,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^64.141.100.136” phase:1,nolog,allow,id:445007,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^174.34.224.167” phase:1,nolog,allow,id:445008,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^69.59.28.19” phase:1,nolog,allow,id:445009,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^174.34.156.130” phase:1,nolog,allow,id:445010,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^82.103.128.63” phase:1,nolog,allow,id:445011,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^173.248.147.18” phase:1,nolog,allow,id:445012,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^46.20.45.18” phase:1,nolog,allow,id:445013,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^78.31.69.179” phase:1,nolog,allow,id:445014,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^94.247.174.83” phase:1,nolog,allow,id:445015,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^46.165.195.139” phase:1,nolog,allow,id:445016,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^72.46.140.186” phase:1,nolog,allow,id:445017,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^76.164.194.74” phase:1,nolog,allow,id:445018,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^208.64.28.194” phase:1,nolog,allow,id:445019,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^72.46.153.26” phase:1,nolog,allow,id:445020,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^72.46.140.106” phase:1,nolog,allow,id:445021,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^72.46.130.42” phase:1,nolog,allow,id:445022,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^91.109.115.41” phase:1,nolog,allow,id:445023,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^94.46.4.1” phase:1,nolog,allow,id:445024,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^83.170.113.210” phase:1,nolog,allow,id:445025,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^204.152.200.42” phase:1,nolog,allow,id:445026,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^94.46.240.121” phase:1,nolog,allow,id:445027,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^212.84.74.156” phase:1,nolog,allow,id:445028,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^158.58.173.160” phase:1,nolog,allow,id:445029,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^95.141.32.46” phase:1,nolog,allow,id:445030,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^178.255.155.2” phase:1,nolog,allow,id:445031,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^67.205.67.76” phase:1,nolog,allow,id:445032,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^70.32.40.2” phase:1,nolog,allow,id:445033,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^64.237.55.3” phase:1,nolog,allow,id:445034,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^78.40.124.16” phase:1,nolog,allow,id:445035,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^76.72.171.180” phase:1,nolog,allow,id:445036,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^76.72.172.208” phase:1,nolog,allow,id:445037,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^76.72.167.90” phase:1,nolog,allow,id:445038,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^108.62.115.226” phase:1,nolog,allow,id:445039,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^199.87.228.66” phase:1,nolog,allow,id:445040,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^178.255.154.2” phase:1,nolog,allow,id:445041,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^46.105.119.18” phase:1,nolog,allow,id:445042,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^176.31.228.137” phase:1,nolog,allow,id:445043,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^173.204.85.217” phase:1,nolog,allow,id:445044,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^50.23.94.74” phase:1,nolog,allow,id:445045,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^64.120.6.122” phase:1,nolog,allow,id:445046,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^67.228.213.178” phase:1,nolog,allow,id:445047,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^69.64.56.47” phase:1,nolog,allow,id:445048,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^188.138.118.184” phase:1,nolog,allow,id:445049,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^188.138.124.110” phase:1,nolog,allow,id:445050,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^188.138.118.144” phase:1,nolog,allow,id:445051,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^85.25.176.167” phase:1,nolog,allow,id:445052,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^96.31.66.245” phase:1,nolog,allow,id:445053,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^184.75.209.18” phase:1,nolog,allow,id:445054,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^184.75.208.210” phase:1,nolog,allow,id:445055,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^184.75.210.90” phase:1,nolog,allow,id:445056,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^184.75.210.226” phase:1,nolog,allow,id:445057,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^184.75.210.186” phase:1,nolog,allow,id:445058,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^178.255.152.2” phase:1,nolog,allow,id:445059,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^208.43.68.59” phase:1,nolog,allow,id:445060,ctl:ruleEngine=off

SecRule REMOTE_ADDR “^178.255.153.2” phase:1,nolog,allow,id:445061,ctl:ruleEngine=off

If you copy paste from the list above, make sure it’s double quote before and after the ip address. Otherwise it won’t work. I’ve been there. I had to copy paste in gedit and then used it’s find replace tool.

Also make sure that whitelist.conf is included in httpd.conf just like this :

<IfModule security2_module>
Include /usr/local/apache2/modsecurity-crs/*.conf
Include /usr/local/apache2/modsecurity-crs/base_rules/*.conf
</IfModule>

Latest posts by gregor (see all)

Leave a Reply

Your email address will not be published. Required fields are marked *


*