I run modsecurity2 on apache 2.4 server on a CentOS machine (WHM enabled). To whitelist msnbot, my hosting provider asked me to add the following rule
SecRule REMOTE_HOST "@endsWith .search.msn.com" "allow,nolog,id:5000003,msg:'msn bot'"
There was no explicit mentioning of the phase. (modsecurity processes rules in 5 phases). When phase is not mentioned, what will be the default phase?
There is no "default" phase. If you forgot to add this action, the rule won't evaluated.
As I see the mod_security2 inserts a phase:2 action to the rule, if there is no phase given.