October 22, 2020

Whitelist IP in ModSecurity

If you need to whitelist an IP in ModSecurity (v2.7+), here’s what to do:

nano /usr/local/apache/conf/modsec2/whitelist.conf

Add this line, replacing (#####) with a unique ID number for ModSecurity (I used a version of my whitelisted IP address):

SecRule REMOTE_ADDR "@ipMatch 1.2.3.4" "phase:1,t:none,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off,id:(#####)"

The earlier regex version, which the @ipMatch rule above replaces:

SecRule REMOTE_ADDR "^1.2.3.4$" "phase:1,t:none,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off,id:(#####)"

Then restart Apache.

UPDATE: Per Ryan’s comment, I’ve updated the example to use @ipMatch instead of RegEx. @ipMatch also has the advantage of making it much easier to add CIDR ranges. See the documentation for @ipMatch.
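An added example (not from the original post) of the CIDR form mentioned above, next to a narrower variant that keeps rule evaluation and audit logging active for the trusted source. The addresses are RFC 5737/3849 documentation ranges and the IDs 10001 and 10002 are constructed placeholders; pick IDs that are unused in your own rule set.

```apache
# /usr/local/apache/conf/modsec2/whitelist.conf

# Option A: same behaviour as the rule in the post, extended to a list.
# @ipMatch takes a comma-separated list of single addresses and CIDR
# ranges (IPv4 or IPv6). Matching clients bypass ModSecurity entirely
# and leave no entry in the audit log.
SecRule REMOTE_ADDR "@ipMatch 192.0.2.10,198.51.100.0/24,2001:db8::/32" \
    "id:10001,phase:1,t:none,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off"

# Option B: narrower alternative. Requests from the listed sources are
# never blocked, but rules are still evaluated and matches are still
# logged, so activity from a trusted address remains visible.
# Use instead of Option A, not together with it.
#SecRule REMOTE_ADDR "@ipMatch 192.0.2.10,198.51.100.0/24" \
#    "id:10002,phase:1,t:none,pass,nolog,ctl:ruleEngine=DetectionOnly"

# Note: REMOTE_ADDR is the address of the TCP peer. Behind a reverse
# proxy or load balancer that is the proxy's address, not the client's.
```

Run `apachectl configtest` before restarting so a syntax error or duplicate rule ID is caught while the old configuration is still serving.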

babul


4 thoughts on “Whitelist IP in ModSecurity”

    1. Ryan –

      Thanks for the feedback! Chasing regex false positives is never any fun.

      I will update the post with your recommendation.

      Maintain,
      Babul
