On October 19, 2021, we have enabled single-sign-on for our Plesk Support Center to provide a seamless login/account experience. This implies that you’ll be able to use a single account across any of our web-facing properties.
If you had already registered your account at Plesk 360 (formerly known as My Plesk) please use one for login. Otherwise please re-register it using the same email address as your existing Zendesk login (support account). It’s essential that you use the same email address on our support center to ensure that your tickets stay attached to the same account.

How to whitelist IP addresses for ModSecurity in Plesk?

Follow

Comments

7 comments

  • Avatar
    Emil Stahl Pedersen

    Modify log to nolog if you don't want to fill the log with "Access allowed (phase 1)." entries.

    Before:

    phase:1,log,allow,ctl:ruleEngine=Off,id:55666

    After:

    phase:1,nolog,allow,ctl:ruleEngine=Off,id:55666
    1
    Comment actions Permalink
  • Avatar
    Marius Melinskas

    Hi,

    Just to expand the query a bit more. two questions are:

    1. a portion of the site is not working correctly, modsecurity (tradeoff setting) logs are empty, site access logs show only a generic 404 status code on the query: Where do I find which modsecurity ruleID is blocking the traffic?

    2. Can I whitelist an IP for all modsec ruleIDs explicitly?

    Thank you in advance for your help on this

    0
    Comment actions Permalink
  • Avatar
    Denis Bykov

    @Alban Staehli
    Starting from ModSecurity 2.7, IDs became mandatory.
    Apart from it, that is also a valid method:

    SecRule REMOTE_ADDR "^203\.0\.113\2$"
    id:88888,phase:1,nolog,allow,ctl:ruleEngine=Off
    0
    Comment actions Permalink
  • Avatar
    Alisa Kasyanova

    @Marius Melinskas

    1) Check the error log of the domain (/var/www/vhosts/system/example.com/logs/error_log), it should give you some additional information about 404.
    2) Please check https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-Frequently-Asked-Questions-%28FAQ%29#ModSecurity_Rules_Language , it describes the method to whitelist IP address.

    0
    Comment actions Permalink
  • Avatar
    Alban Staehli

    Would the below rule to whitelist IP and turn off all rules (meaning modsec is turned off for that particular IP) work as well?

    SecRule REMOTE_ADDR "^203\.0\.113\2$"
    phase:1,nolog,allow,ctl:ruleEngine=Off
    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @Emil,

    Thank you for the notice, it may be useful for other Pleskians.

    0
    Comment actions Permalink
  • Avatar
    Hussein AbuTaleb

    hi

    is there another way to do this other than SSH?

    thanks

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request