Knowledge Base

How to whitelist IP addresses for ModSecurity in Plesk?

Question

How to whitelist a single/multiple IP addresses for ModSecurity in Plesk?

Answer

Apply one of the solutions below:

For OWASP ruleset on Linux

Connect to the server via SSH.
Create/ open for editing ModSecurity file that is used for IP whitelisting:
For Debian based systems (Ubuntu/Debian):

# vi /etc/apache2/modsecurity.d/000ipwhitelist.conf

For RHEL based systems (CentOS/CloudLinux):

# vi /etc/httpd/conf/modsecurity.d/rules/000ipwhitelist.conf
Add the following rule in 1 line there:

SecRule REMOTE_ADDR "@ipMatch 203.0.113.0/24,192.0.2.2" "id:3,phase:1,t:none,log,pass,ctl:ruleRemoveById=55666"

Where:
55666 - is the existing ModSecurity Rule and it should be replaced with the required rule ID.
203.0.113.0/24 - IP addresses that are required to whitelist. Multiple, comma-separated, addresses can be also specified.
Check Apache syntax:
For Debian based systems (Ubuntu/Debian):

# apache2ctl -t

For RHEL based systems (CentOS/CloudLinux):

# httpd -t
If, in accordance with step #4, the syntax is not OK, fix it. If it is OK, apply the new configuration:
For Debian based systems (Ubuntu/Debian):

# service apache2 reload

For RHEL based systems (CentOS/CloudLinux):

# service httpd reload

Note: Whitelist rules should be placed before other rules.
For details see: ModSecurity Core Ruleset documentation - Writing Whitelist Modifications
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#ipMatch

For OWASP ruleset on Windows

1. Log into the Plesk.
2. Go to Tools & Settings > Web Application Firewall (ModSecurity) >Settings.
3. Add the rule below into the Custom directives field:
  SecRule REMOTE_ADDR "@ipMatch 203.0.113.0/24,192.0.2.2" "id:3,phase:1,t:none,log,pass,ctl:ruleRemoveById=55666"
  
  Where:
  55666 - is the existing ModSecurity Rule and it should be replaced with the required rule ID.
  203.0.113.0/24 - IP addresses that are required to whitelist. Multiple, comma-separated, addresses can be also specified.
4. Press the OK button to apply the changes.

For Comodo ruleset

Via Plesk GUI

Log into the Plesk.
Go to Tools & Settings > Web Application Firewall (ModSecurity) > Settings.
Add the rule below into the Custom directives field:
SecRule REMOTE_ADDR "@ipMatch 203.0.113.0/24,192.0.2.2" "id:3,phase:1,t:none,log,pass,ctl:ruleRemoveById=55666"

Where:
55666 - is the existing ModSecurity Rule and it should be replaced with the required rule ID.
203.0.113.0/24 - IP addresses that are required to whitelist. Multiple, comma-separated, addresses can be also specified.
Press the OK button to apply the changes.

Using command-line method

Connect to the server via SSH.
Create/ open for editing ModSecurity file that is used for IP whitelisting:

For Debian based systems (Ubuntu/Debian):

# vi /etc/apache2/plesk.conf.d/modsecurity.conf

For RHEL based systems (CentOS/CloudLinux):

# vi /etc/httpd/conf/plesk.conf.d/modsecurity.conf

Add the following rule in 1 line there:

SecRule REMOTE_ADDR "@ipMatch 203.0.113.0/24,192.0.2.2" "id:3,phase:1,t:none,log,pass,ctl:ruleRemoveById=55666"

Where:
55666 - is the existing ModSecurity Rule and it should be replaced with the required rule ID.
203.0.113.0/24 - IP addresses that are required to whitelist. Multiple, comma-separated, addresses can be also specified.
Check Apache syntax:

For…

Related Posts

Your Complete .htaccess Guide: Including .htaccess Basics and More

NGINX vs Apache – Which Is the Best Web Server in 2024?

Top Web Servers For Linux And Windows

Knowledge Base

How to enable leverage browser caching for Apache in Plesk

How to enable remote access to MySQL/MariaDB server in Plesk?

Unable to upload file to website on Plesk: Request body no files data length is larger than the configured limit

All websites hosted in Plesk are not accessible over HTTPS: 502 Bad Gateway or ERR_CONNECTION_REFUSED

Hosting Wiki