If you need to whitelist an IP in ModSecurity (v2.7+), here’s what to do:
nano /usr/local/apache/conf/modsec2/whitelist.conf
add this line, replacing (#####) with a unique ID number for mod security, I used a version of my whitelisted ip address:
SecRule REMOTE_ADDR “@ipMatch 1.2.3.4” “phase:1,t:none,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off,id:(#####)”
SecRule REMOTE_ADDR “^1.2.3.4$” “phase:1,t:none,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off,id:(#####)”
Then restart apache. UPDATE: Per Ryan’s comment, I’ve updated the example to use @ipMatch instead of RegEx. @ipMatch has the advantage of making adding CIDR ranges much easier too. Documentation for @ipMatch.
FYI – I recommend using @ipMatch operator when inspecting IP addresses/ranges as it is less prone to false positives like @rx is.
Cheers.
Ryan –
Thanks for the feedback! Chasing regex false positives is never any fun.
I will update the post with your recommendation.
Maintain,
Babul
The “Documentation for @ipMatch” links leads to a blank page.
JoeS – thanks! I’ve fixed the link.