Intrusion Protection System URL Whitelist


NethServer Version: 7.7.1908
Module: The IPS (Intrusion Prevention System) module 1.3.1

I have installed the above mentioned Module and enable the block function on the
Dns (ET-emerging-dns) section.

I have noticed alot “false positives” are being blocked now, Is there a way to whitelist in this module?

You may just disable the affected rule in the category/section or do a whitelisting:

Thank you so much

This worked.

No I am trying to find a way to “whitelist” certain things that are being blocked.

I tried editing the enablesid.conf file with a SID but it does not help.

In enablesid.conf are only the rules to alert instead of block. And dropsid.conf (the blocked ones) takes precedence over enabledsid.conf so it doesn’t work anyway.

I assume you have to use disablesid.conf to whitelist an sid.