一,创建目录和文件,并添加规则
1,创建目录和文件
[root@blog modsecurity]# mkdir custom_rules
[root@blog modsecurity]# cd custom_rules/
[root@blog custom_rules]# vi ipwhitelist.conf
命令的内容:
[root@blog custom_rules]# more ipwhitelist.conf
SecRule REMOTE_ADDR "@ipMatch 11.39.16.33" "id:1000,phase:1,pass,nolog,ctl:ruleEngine=Off"
ctl 临时修改 ModSecurity 配置
例如 = 》 ctl:ruleEngine=off 代表关闭拦截模式,所有规则失效
二,配置文件中包含:
编辑配置文件
[root@blog modsecurity]# vi modsecurity.conf
确保include了自定义目录下的规则
include /opt/soft/nginx/modsecurity/crs-setup.conf
include /opt/soft/nginx/modsecurity/custom_rules/*.conf
include /opt/soft/nginx/modsecurity/rules/*.conf
标签:rules,ip,modsecurity,custom,blog,conf,白名单,root From: https://www.cnblogs.com/architectforest/p/18413861