Question
How to whitelist a single/multiple IP addresses for ModSecurity in Plesk?
Answer
-
Connect to the server via SSH.
- Create/ open for editing ModSecurity file that is used for IP whitelisting:
For Debian based systems (Ubuntu/Debian):
# vi /etc/apache2/modsecurity.d/000ipwhitelist.conf
For RHEL based systems (CentOS/CloudLinux):
# vi /etc/httpd/conf/modsecurity.d/rules/000ipwhitelist.conf
-
Add the following rule in 1 line there:
SecRule REMOTE_ADDR "@ipMatch 203.0.113.0/24,192.0.2.2" "id:3,phase:1,t:none,log,pass,ctl:ruleRemoveById=55666"
Where:
55666 – is the existing ModSecurity Rule and it should be replaced with the required rule ID.
203.0.113.0/24 – IP addresses that required to whitelist. Multiple, comma-separated, addresses can be also specified. - Check Apache syntax:
For Debian based systems (Ubuntu/Debian):
# apache2ctl -t
For RHEL based systems (CentOS/CloudLinux):
# httpd -t
- If syntax is not OK, fix it. If it is OK, apply the new configuration:
For Debian based systems (Ubuntu/Debian):
# service apache2 reload
For RHEL based systems (CentOS/CloudLinux):
# service httpd reload
Note: Whitelist rules should be placed before other rules.
For details see: https://www.modsecurity.org/CRS/Documentation/exceptions.html
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#ipMatch