Sometimes it can be useful to know how to whitelist your clients’ IPs or URIs of specific locations in mod_security.
We recommend adding the rule presented below to the file /etc/apache2/conf.d/modsec/modsec2.user.conf . Notice that files might be modified by cPanel, so you will love any changes.
How to whitelist IPs in mod_security
1. Connect to your server and edit the file /etc/apache2/conf.d/modsec/modsec2.user.conf
2. You can add the IP/IPs in two ways:
//one IP per rule
SecRule REMOTE_ADDR "^192\.168\.1\.100$" "phase:1,id:99,nolog,allow,ctl:ruleEngine=off"
//or multiple IPs per rule
SecRule REMOTE_ADDR "@ipMatch 192.168.1.100,192.168.1.50,10.10.50.0/24" "phase:1,id:100,nolog,allow,ctl:ruleEngine=off"3. Restart the Apache webserver
How to whitelist URIs in mod_security
1. Connect to your server and edit the file /etc/apache2/conf.d/modsec/modsec2.user.conf
2.1 To disable all rules in a specific location:
<Directory /home/site/location1>
SecRuleEngine Off
</Directory>2.2 To disable only specific rules:
<LocationMatch "/home/site/location2">
SecRuleRemoveById 9090
SecRuleRemoveById 100090
</LocationMatch>3. Restart the Apache webserver.
Notice that per ModSecurity site recommends using IDs in the 1-99,999 range:
1-99,999; reserved for local (internal) use. Use as you see fit but do not use this range for rules that are distributed to others.
ModSecurity IDs recoomendation
References:
ModSecurity IDs
ModSecurity allow action
How to enable mod_secuity rules