Knowledge Base

How to whitelist IP addresses for ModSecurity in Plesk?

Question

How to whitelist a single/multiple IP addresses for ModSecurity in Plesk?

Answer

Connect to the server via SSH.
Create/ open for editing ModSecurity file that is used for IP whitelisting:
For Debian based systems (Ubuntu/Debian):

# vi /etc/apache2/modsecurity.d/000ipwhitelist.conf

For RHEL based systems (CentOS/CloudLinux):

# vi /etc/httpd/conf/modsecurity.d/rules/000ipwhitelist.conf
Add the following rule in 1 line there:
```
SecRule REMOTE_ADDR "@ipMatch 203.0.113.0/24,192.0.2.2" "id:3,phase:1,t:none,log,pass,ctl:ruleRemoveById=55666"
```
Where:
55666 – is the existing ModSecurity Rule and it should be replaced with the required rule ID.
203.0.113.0/24 – IP addresses that required to whitelist. Multiple, comma-separated, addresses can be also specified.
Check Apache syntax:
For Debian based systems (Ubuntu/Debian):

# apache2ctl -t

For RHEL based systems (CentOS/CloudLinux):

# httpd -t
If syntax is not OK, fix it. If it is OK, apply the new configuration:
For Debian based systems (Ubuntu/Debian):

# service apache2 reload

For RHEL based systems (CentOS/CloudLinux):

# service httpd reload

Note: Whitelist rules should be placed before other rules.
For details see: https://www.modsecurity.org/CRS/Documentation/exceptions.html
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#ipMatch

Related Posts

NGINX vs Apache – Which Is the Best Web Server in 2021?

CentOS Project Announces Early End-of-Life Date for CentOS 8

How to Install and Configure CSF

Knowledge Base

How to enable leverage browser caching for Apache in Plesk

All websites hosted in Plesk are not accessible over HTTPS: 502 Bad Gateway or ERR_CONNECTION_REFUSED

Website on Plesk server is not accessible: 504 Gateway Time-out: The timeout specified has expired: [client 203.0.113.2:54693] AH01075: Error dispatching request to

How to restart Apache service in Plesk for Linux