Whitelist IP in ModSecurity

by babulApril 10, 2013June 12, 2014

If you need to whitelist an IP in ModSecurity (v2.7+), here’s what to do:

nano /usr/local/apache/conf/modsec2/whitelist.conf

add this line, replacing (#####) with a unique ID number for mod security, I used a version of my whitelisted ip address:

SecRule REMOTE_ADDR “@ipMatch 1.2.3.4” “phase:1,t:none,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off,id:(#####)”

~~SecRule REMOTE_ADDR “^1.2.3.4$” “phase:1,t:none,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off,id:(#####)”~~

Then restart apache. UPDATE: Per Ryan’s comment, I’ve updated the example to use @ipMatch instead of RegEx. @ipMatch has the advantage of making adding CIDR ranges much easier too. Documentation for @ipMatch.

babul

Father of 4, Enterprise IT Architect Consultant - also love music, food, spirits, and the great outdoors.

View all posts by babul →

4 thoughts on “Whitelist IP in ModSecurity”

Ryan Barnett says:

April 10, 2013 at 12:02 pm

FYI – I recommend using @ipMatch operator when inspecting IP addresses/ranges as it is less prone to false positives like @rx is.

Cheers.

Reply
1. babul says:
  
  April 10, 2013 at 3:24 pm
  
  Ryan –
  
  Thanks for the feedback! Chasing regex false positives is never any fun.
  
  I will update the post with your recommendation.
  
  Maintain,
  Babul
  
  Reply
JoeS says:

May 9, 2014 at 7:03 pm

The “Documentation for @ipMatch” links leads to a blank page.

Reply
1. babul says:
  
  June 12, 2014 at 10:14 am
  
  JoeS – thanks! I’ve fixed the link.
  
  Reply

babul

You might also like

Disable newrelic for PHP site via .htaccess

PopClip

Excellent introduction to System Automation (a la Puppet/Chef)

4 thoughts on “Whitelist IP in ModSecurity”

Leave a Reply Cancel reply