Imunify360 includes a robust whitelisting mechanism to allow trusted files, IP addresses, and users to bypass various security checks such as malware scans and firewall filtering. This guide covers how to manage and apply whitelists within Imunify360, using the official whitelist formats provided by CloudLinux.
π Whitelist Reference
Official Source:
https://files.imunify360.com/static/whitelist/v2
This repository contains examples of default whitelist rules that can be extended or customized.
π 1. Whitelist Types in Imunify360
Imunify360 supports several types of whitelisting:
| Type | Purpose | Format Location |
|---|---|---|
| Malware | Bypass malware scanning for files and paths | /etc/imunify360/whitelist.json |
| Firewall | Whitelist trusted IPs from being blocked | /etc/imunify360/ips.whitelist |
| ModSec | Skip ModSecurity rules for certain domains/paths | via GUI or /etc/apache2/conf.d includes |
π 2. Whitelist JSON Format
The malware scanner whitelist uses JSON syntax and allows specifying files, directories, and rules to ignore specific scan findings.
Example β /etc/imunify360/whitelist.json:
{
"rules": [
{
"path": "/home/user/public_html/safe_file.php",
"reason": "False positive - internal tool",
"md5": "d41d8cd98f00b204e9800998ecf8427e"
},
{
"path": "/home/user/public_html/cache/",
"reason": "Safe cache directory",
"recursive": true
}
]
}Fields Explained:
path: Full path to the file or directory.reason: Description for internal tracking.md5: Optional; to match file content.recursive: Boolean (for folders) to include all subdirectories.
π Tip: After editing whitelist.json, run:
imunify360-agent malware whitelist updateπ 3. Whitelisting IP Addresses
To permanently allow trusted IPs:
File: /etc/imunify360/ips.whitelist
Example:
203.0.113.5
198.51.100.22Or via CLI:
imunify360-agent whitelist ip add 203.0.113.5 --comment "Office Static IP"To list:
imunify360-agent whitelist ip listTo remove:
imunify360-agent whitelist ip delete 203.0.113.5π§ 4. ModSecurity Whitelist (Optional)
If ModSecurity blocks legitimate requests:
WHM Path:
WHM Β» Security Center Β» ModSecurityβ’ Tools Β» Rule Configuration
You can disable specific rules for certain domains.
Or CLI:
imunify360-agent modsec rule disable --rule-id 981176 --domain example.comπ§ͺ 5. Testing Your Whitelist
After applying changes:
- Run a manual scan to confirm exclusions:
imunify360-agent malware on-demand start --user username- Check logs:
tail -f /var/log/imunify360/exec.logπ 6. Additional Resources
- Imunify360 Documentation: https://docs.imunify360.com/
- Default Whitelist Repo: https://files.imunify360.com/static/whitelist/v2
- Malware Report Format:
/var/log/imunify360/logs
β Best Practices
- Always use hashes (
md5) for file-level whitelisting when possible. - Avoid blindly whitelisting full directories unless essential.
- Document reasons for each whitelist rule for audit clarity.
- Review whitelists quarterly to remove obsolete entries.