Imunify360 blocks LinkedIn bot unless LinkedIn IPs are whitelisted. Rule 77136974 in 001_i360_1_generic.conf () is being triggered by LinkedIn bot when someone shares content on LinkedIn. The content link request triggers an Imunify360 CAPTCHA which cannot be responded to.
Whenever LinkedIn changes its IPs we get a rash of complaints that content cannot be shared in LinkedIn.
I dont want to remove rule 77136974 because it blocks some undesirable bots. Is it possible to modify the rule to allow LinkedInBot?
I believe this is an example of the error message in the Imunify360 log:
INFO [2018-04-29 18:07:09,345] defence360agent.internals.the_sink: SensorIncident:{timestamp: 1525050429.3419015, user_id: xxxxxxxxxx, rule: 77136974, advanced: {uri: /legislation-passed/, http_method: GET, headers: [[Connection, close], [Host, xxxxxxxx.com], [User-Agent, LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)], [Accept-Encoding, gzip,deflate]]}, message: Request Missing an Accept Header||MVN:LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)||MV:LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3
.1 +http://www.linkedin.com)||PC:134, severity: 7, name: Request Missing an Accept Header||MVN:LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)||MV:LinkedInBot/1.0 (compatible; Mozil
la/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)||PC:134, method: INCIDENT, attackers_ip: 108.174.5.115, plugin_id: modsec, tag: [i360, noshow, o]}
Whenever LinkedIn changes its IPs we get a rash of complaints that content cannot be shared in LinkedIn.
I dont want to remove rule 77136974 because it blocks some undesirable bots. Is it possible to modify the rule to allow LinkedInBot?
I believe this is an example of the error message in the Imunify360 log:
INFO [2018-04-29 18:07:09,345] defence360agent.internals.the_sink: SensorIncident:{timestamp: 1525050429.3419015, user_id: xxxxxxxxxx, rule: 77136974, advanced: {uri: /legislation-passed/, http_method: GET, headers: [[Connection, close], [Host, xxxxxxxx.com], [User-Agent, LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)], [Accept-Encoding, gzip,deflate]]}, message: Request Missing an Accept Header||MVN:LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)||MV:LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3
.1 +http://www.linkedin.com)||PC:134, severity: 7, name: Request Missing an Accept Header||MVN:LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)||MV:LinkedInBot/1.0 (compatible; Mozil
la/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)||PC:134, method: INCIDENT, attackers_ip: 108.174.5.115, plugin_id: modsec, tag: [i360, noshow, o]}
Comment