January 31, 2023

Whitelist IP in ModSecurity

If you need to whitelist an IP in ModSecurity (v2.7+), here’s what to do:

nano /usr/local/apache/conf/modsec2/whitelist.conf

add this line, replacing (#####) with a unique ID number for mod security, I used a version of my whitelisted ip address:

SecRule REMOTE_ADDR “@ipMatch” “phase:1,t:none,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off,id:(#####)”

SecRule REMOTE_ADDR “^$” “phase:1,t:none,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off,id:(#####)”

Then restart apache. UPDATE: Per Ryan’s comment, I’ve updated the example to use @ipMatch instead of RegEx. @ipMatch has the advantage of making adding CIDR ranges much easier too. Documentation for @ipMatch.


Father of 4, Enterprise IT Architect Consultant - also love music, food, spirits, and the great outdoors.

View all posts by babul →

4 thoughts on “Whitelist IP in ModSecurity

    1. Ryan –

      Thanks for the feedback! Chasing regex false positives is never any fun.

      I will update the post with your recommendation.


Leave a Reply

Your email address will not be published.