|Applies To||RSA Product Set: Web Threat Detection|
RSA Product/Service Type: Forensics
RSA Version/Condition: All
|Resolution||All attribute can have a whitelist, but for IP address whitelisting it makes sense to apply these to the default "ip" attribute as follows:|
Here, the “and” attribute (which represents the CIDR mask bits) is 32 and so will correspond to a single IP address, but this value can be used to specify any range.
According to the whois for a particular IP:
$ whois 126.96.36.199
So using the CIDR for this you could filter all google IPs with a single entry of something like the following:
The cleanest/safest method to add these is within the Configuration Manager UI under schema but can also be added directly to the universal_conf.py, which would then need to be re-imported and pushed.
|Notes||The above example whitelists 8190 IPs belonging to google and not all of these will be googlebot crawlers so a it may be wise to consider different ranges using a CIDR calculator.|