- Adding or searching for IPs in RBL can lead to 403 HTTP responses:
IP placed in the bl_uri list:
[root@server]# grep -r "126.96.36.199" /var/imunify360/modsec/
- Imunify360 StandAlone
Since the UI on a stand-alone installation hosted by webserver, all requests to the UI are handled by ModSecurity as to a generic site.
Detecting the IP address "188.8.131.52" in the request, and matching it with the entry in the file bl_uri leads to blocking this request with 403 error.
SecRule ARGS|REQUEST_COOKIES "@pmFromFile bl_uri"
'IM360 WAF: Block URI containing malicious URLs||
The following CLI can be used as a workaround for the IP blacklist:
# imunify360-agent blacklist ip add 184.108.40.206
The behavior will be investigated within task IFR-681 for future Imunify360 releases.