How to whitelist an IP address for ModSecurity?




  • Avatar
    Emil Stahl Pedersen

    Modify log to nolog if you don't want to fill the log with "Access allowed (phase 1)." entries.




  • Avatar
    Marius Melinskas


    Just to expand the query a bit more. two questions are:

    1. a portion of the site is not working correctly, modsecurity (tradeoff setting) logs are empty, site access logs show only a generic 404 status code on the query: Where do I find which modsecurity ruleID is blocking the traffic?

    2. Can I whitelist an IP for all modsec ruleIDs explicitly?

    Thank you in advance for your help on this

  • Avatar
    Denis Bykov

    @Alban Staehli
    Starting from ModSecurity 2.7, IDs became mandatory.
    Apart from it, that is also a valid method:

    SecRule REMOTE_ADDR "^203\.0\.113\2$"
  • Avatar
    Alisa Kasyanova

    @Marius Melinskas

    1) Check the error log of the domain (/var/www/vhosts/system/, it should give you some additional information about 404.
    2) Please check , it describes the method to whitelist IP address.

  • Avatar
    Alban Staehli

    Would the below rule to whitelist IP and turn off all rules (meaning modsec is turned off for that particular IP) work as well?

    SecRule REMOTE_ADDR "^203\.0\.113\2$"
  • Avatar
    Ivan Postnikov

    Hello @Emil,

    Thank you for the notice, it may be useful for other Pleskians.

Please sign in to leave a comment.

Have more questions? Submit a request