How to Whitelist an IP Address in ModSecurity

Whitelist an IP Address in ModSecurity
Whitelist an IP Address in ModSecurity

ModSecurity is a web layer firewall module. ModSecurity is free software released under the Apache license 2.x.

ModSecurity is one of the Apache server modules that provides website protection by defending from hackers and other malicious attacks.

It is a set of rules with regular expressions that helps to instantly ex-filtrate the commonly known exploits.

Modsecurity obstructs the processing of invalid data (code injection attacks) to reinforce and nourish server’s security

With a good, strict ruleset for mod_security, the firewall may occasionally block you as a false positive when trying to post certain content to the server.  Disabling the entire rule seems too extreme. Default rules can’t be edited. A simple solution is to add your PC or workstation’s public IP address to the mod_security whitelist, avoiding the need to temporarily disable mod_security rule enforcement, most ideal way to whitelist would be based on two factors (rule + hostname, or ip + hostname, ip + rule, etc) If I just disable the entire rule it would open up the server to any IP address.

Edit modsec2.whitelist.conf configuration file.  On cPanel/WHM servers using Config Server’s ModSec Control plugin, use the plugin interface in WHM to locate and edit modsec2.whitelist.conf. On other Linux servers, the file name will contain whitelist.conf.

I can probably help you with that if you have the error log entry. There are ways to disable rules on a per IP basis using ctl. For example if rule ID 99999 is tripping for localhost ( something like this would probably fix it:

SecRule REMOTE_ADDR “127\.0\.0\.1″ id:28374,pass,ctl:ruleRemoveById=99999”

This would need to be specified in configs before the rule which it is disabling.

To fully whitelist a remote address it’s very similar to the above rule:

SecRule REMOTE_ADDR “127\.0\.0\.1” “id:28375,allow”

Make sure to replace the IP address numbers with your own IP address. You can enter “what is my IP” on Google if you’re unsure.

With the above rule in place, no mod_sec rules will be checked for your IP address.