Re: [mod-security-users] modsecurity is blocking bing & yahoo in windows plesk
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] modsecurity is blocking bing & yahoo in windows plesk
|
From: Joost K. <cho...@gm...> - 2019-06-17 22:08:26
|
Hi Chaim, Here are some examples of the log file where bingbots are blocked (there are many a day logged...): --23480000-H-- Message: Warning. Match of "rx (^msnbot-[0-9]+-[0-9]+-[0-9]+-[0-9]+\\.search\\.msn\\.com$)" against "REMOTE_HOST" required. [file "C:\/Program Files (x86)/Plesk/ModSecurity/rules/tortix/modsec/00_asl_y_searchengines.conf"] [line "106"] [id "303801"] [rev "6"] [msg "Atomicorp.com WAF Rules: Fake msnbot/bingbot webcrawler"] [data ""] Message: Warning. RBL lookup of 0.139.66.13.threat2.atomicrbl.com. succeeded at REMOTE_ADDR. [file "C:\/Program Files (x86)/Plesk/ModSecurity/rules/tortix/modsec/99_asl_zzzz_threat_intelligence.conf"] [line "64"] [id "355501"] [rev "2"] [msg "Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL (TI-2). See this URL for details http://www.atomicrbl.com/lookup"] [severity "ERROR"] [tag "no_ar"] Message: Warning. RBL lookup of 0.139.66.13.threat5.atomicrbl.com. succeeded at REMOTE_ADDR. [file "C:\/Program Files (x86)/Plesk/ModSecurity/rules/tortix/modsec/99_asl_zzzz_threat_intelligence.conf"] [line "73"] [id "355506"] [rev "1"] [msg "Atomicorp.com WAF Rules: Threat Intelligence Match for Known multi event attacker Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup"] [severity "ALERT"] Apache-Handler: IIS Stopwatch: 1560756427841805 207022 (- - -) Stopwatch2: 1560756427841805 207022; combined=224046, p1=56045, p2=129961, p3=0, p4=0, p5=19020, sr=1018, sw=1032, l=0, gc=17988 Producer: ModSecurity for IIS (STABLE)/2.9.2 (http://www.modsecurity.org/); 201404231529. Server: ModSecurity Standalone Engine-Mode: "DETECTION_ONLY" --23480000-Z— --325f0000-F-- HTTP/1.1 500 Internal Server Error --325f0000-H-- Message: Warning. RBL lookup of 1.139.66.13.threat2.atomicrbl.com. succeeded at REMOTE_ADDR. [file "C:\/Program Files (x86)/Plesk/ModSecurity/rules/tortix/modsec/99_asl_zzzz_threat_intelligence.conf"] [line "64"] [id "355501"] [rev "2"] [msg "Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL (TI-2). See this URL for details http://www.atomicrbl.com/lookup"] [severity "ERROR"] [tag "no_ar"] Apache-Handler: IIS Stopwatch: 1560803751120054 343710 (- - -) Stopwatch2: 1560803751120054 343710; combined=343710, p1=62492, p2=281218, p3=0, p4=0, p5=0, sr=0, sw=0, l=0, gc=0 Producer: ModSecurity for IIS (STABLE)/2.9.2 (http://www.modsecurity.org/); 201404231529. Server: ModSecurity Standalone Engine-Mode: "DETECTION_ONLY" --325f0000-Z-- --bb660000-A— --f2260000-H-- Message: Warning. Match of "rx (^msnbot-[0-9]+-[0-9]+-[0-9]+-[0-9]+\\.search\\.msn\\.com$)" against "REMOTE_HOST" required. [file "C:\/Program Files (x86)/Plesk/ModSecurity/rules/tortix/modsec/00_asl_y_searchengines.conf"] [line "106"] [id "303801"] [rev "6"] [msg "Atomicorp.com WAF Rules: Fake msnbot/bingbot webcrawler"] [data ""] Apache-Handler: IIS Stopwatch: 1560766857301652 437503 (- - -) Stopwatch2: 1560766857301652 437503; combined=0, p1=0, p2=0, p3=0, p4=0, p5=0, sr=0, sw=0, l=0, gc=0 Producer: ModSecurity for IIS (STABLE)/2.9.2 (http://www.modsecurity.org/); 201404231529. Server: ModSecurity Standalone Engine-Mode: "DETECTION_ONLY" --f2260000-Z— Would the exception need to be created in a .conf file on the windows server or is it just a matter of switching off rule ID’s using the Plesk control panel ? Thank you for your help. Joost > On 17 Jun 2019, at 22:52, Chaim Sanders <ch...@ch...> wrote: > > Sure, if it is blocking it will have an ID of the rule that is blocking and we can help you write an exception and then take a look at why it is blocking to begin with. Check your error or audit( if enabled) logs. > > On Mon, Jun 17, 2019 at 11:20 AM Joost Kouwenberg <cho...@gm... <mailto:cho...@gm...>> wrote: > Hi, > > For some reason Bing & yahoo bots are being blocked by modsecurity in Plesk12 on Windows server using “Advanced ModSecurity Rules by Atomicorp”, Google Bot have access. > > Any thoughts how we can allow Bing & yahoo bots on the Windows Server using Plesk12? > > Many thanks. > > Joost > > > _______________________________________________ > mod-security-users mailing list > mod...@li... <mailto:mod...@li...> > https://lists.sourceforge.net/lists/listinfo/mod-security-users <https://lists.sourceforge.net/lists/listinfo/mod-security-users> > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ <http://www.modsecurity.org/projects/commercial/rules/> > http://www.modsecurity.org/projects/commercial/support/ <http://www.modsecurity.org/projects/commercial/support/> > > > -- > -- > Chaim Sanders > http://www.ChaimSanders.com <http://www.chaimsanders.com/> > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
