Whitelist IPs or URIs in mod_security

Sometimes it can be useful to know how to whitelist your clients’ IPs or URIs of specific locations in mod_security.

We recommend adding the rule presented below to the file /etc/apache2/conf.d/modsec/modsec2.user.conf . Notice that files might be modified by cPanel, so you will love any changes.

How to whitelist IPs in mod_security

1. Connect to your server and edit the file /etc/apache2/conf.d/modsec/modsec2.user.conf

2. You can add the IP/IPs in two ways:

//one IP per rule 
SecRule REMOTE_ADDR "^192\.168\.1\.100$" "phase:1,id:99,nolog,allow,ctl:ruleEngine=off"  

//or multiple IPs per rule
SecRule REMOTE_ADDR "@ipMatch 192.168.1.100,192.168.1.50,10.10.50.0/24" "phase:1,id:100,nolog,allow,ctl:ruleEngine=off"

3. Restart the Apache web server

How to whitelist URIs in mod_security

1. Connect to your server and edit the file /etc/apache2/conf.d/modsec/modsec2.user.conf

2.1 To disable all rules in a specific location:

<Directory /home/site/location1>
SecRuleEngine Off
</Directory>

2.2 To disable only specific rules:

<LocationMatch "/home/site/location2">
SecRuleRemoveById 9090
SecRuleRemoveById 100090
</LocationMatch>

3. Restart the Apache web server.

Notice that per ModSecurity site recommends using IDs in the 1-99,999 range:

1-99,999; reserved for local (internal) use. Use as you see fit but do not use this range for rules that are distributed to others.

ModSecurity IDs recoomendation

References:
ModSecurity IDs
ModSecurity allow action
How to enable mod_secuity rules

Leave a Reply