Are you looking for a fast and secure hosting plan with 24/7 Technical Support? Contact us today for a free trial account.

Whitelist IP for specific ModSecurity rule

Post author:Editorial Staff
Post published:October 23, 2020
Post category:CentOS Web Panel / DirectAdmin / Server
Post comments:0 Comments

For whitelisting an IP only for a specific ModSecurity rule, you can use the ruleRemovebyID option for the ctl action.

ctl description:

Description: Changes ModSecurity configuration on a transient, per-transaction basis. Any changes made using this action will affect only the transaction in which the action is executed. The default configuration, as well as the other transactions running in parallel, will be unaffected.
Reference Manual

The ruleRemoveById option:

ruleRemoveById – since this action is triggered at run time, it should be specified before the rule in which it is disabling.
Reference Manual

The rule will be:

SecRule REMOTE_ADDR "@ipMatch 11.22.33.44" "id:1010,phase:2,t:none,pass,nolog,ctl:ruleRemovebyID=xxxxxx"

xxxxxx is the ID of the rule for which you want to whitelist the IP 11.22.33.44.

Per the ModSecurity Reference Manual, the ID of local rules should be in the 1–99,999 range.

modsecurity logo

References:
ModSecurity IDs

Tags: mod_security

You Might Also Like

How to access DirectAdmin File Manager

How to add files to DirectAdmin File Editor

Redirect site to another URL except for a specific directory

Leave a Reply Cancel reply