Plesk

How to whitelist IP addresses for ModSecurity in Plesk?

  • Dmitry Bystrov

    • Question

    How to whitelist a single/multiple IP addresses for ModSecurity in Plesk?

    Answer

    Apply one of the solutions below:

    For OWASP ruleset on Linux

    1. Connect to the server via SSH.

    2. Create/ open for editing ModSecurity file that is used for IP whitelisting:

      For Debian based systems (Ubuntu/Debian):

      # vi /etc/apache2/modsecurity.d/000ipwhitelist.conf

      For RHEL based systems (CentOS/CloudLinux):

      # vi /etc/httpd/conf/modsecurity.d/rules/000ipwhitelist.conf

    3. Add the following rule in 1 line there:

      SecRule REMOTE_ADDR "@ipMatch 203.0.113.0/24,192.0.2.2" "id:3,phase:1,t:none,log,pass,ctl:ruleRemoveById=55666"

      Where:
      55666 - is the existing ModSecurity Rule and it should be replaced with the required rule ID.
      203.0.113.0/24 - IP addresses that are required to whitelist. Multiple, comma-separated, addresses can be also specified.  

    4. Check Apache syntax:

      For Debian based systems (Ubuntu/Debian):

      # apache2ctl -t

      For RHEL based systems (CentOS/CloudLinux):

      # httpd -t

    5. If, in accordance with step #4, the syntax is not OK, fix it. If it is OK, apply the new configuration:

      For Debian based systems (Ubuntu/Debian):

      # service apache2 reload

      For RHEL based systems (CentOS/CloudLinux):

      # service httpd reload

    Note: Whitelist rules should be placed before other rules.
    For details see:     ModSecurity Core Ruleset documentation - Writing Whitelist Modifications 
    https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#ipMatch

    For OWASP ruleset on Windows

      1. Log into the Plesk.
      2. Go to Tools & Settings > Web Application Firewall (ModSecurity) >Settings.
      3.  Add the rule below into the Custom directives field:

        SecRule REMOTE_ADDR "@ipMatch 203.0.113.0/24,192.0.2.2" "id:3,phase:1,t:none,log,pass,ctl:ruleRemoveById=55666"

        Where:
        55666 - is the existing ModSecurity Rule and it should be replaced with the required rule ID.
        203.0.113.0/24 - IP addresses that are required to whitelist. Multiple, comma-separated, addresses can be also specified.  

      4. Press the OK button to apply the changes.

    For Comodo ruleset

    • Via Plesk GUI
    1. Log into the Plesk.
    2. Go to Tools & Settings > Web Application Firewall (ModSecurity) > Settings.
    3.  Add the rule below into the Custom directives field:

      SecRule REMOTE_ADDR "@ipMatch 203.0.113.0/24,192.0.2.2" "id:3,phase:1,t:none,log,pass,ctl:ruleRemoveById=55666"

      Where:
      55666 - is the existing ModSecurity Rule and it should be replaced with the required rule ID.
      203.0.113.0/24 - IP addresses that are required to whitelist. Multiple, comma-separated, addresses can be also specified.  

    4. Press the OK button to apply the changes.

     

    • Using command-line method

    1. Connect to the server via SSH.

    2. Create/ open for editing ModSecurity file that is used for IP whitelisting:

      For Debian based systems (Ubuntu/Debian):

      # vi /etc/apache2/plesk.conf.d/modsecurity.conf

      For RHEL based systems (CentOS/CloudLinux):

      # vi /etc/httpd/conf/plesk.conf.d/modsecurity.conf

      Add the following rule in 1 line there:

      SecRule REMOTE_ADDR "@ipMatch 203.0.113.0/24,192.0.2.2" "id:3,phase:1,t:none,log,pass,ctl:ruleRemoveById=55666"

      Where:
      55666 - is the existing ModSecurity Rule and it should be replaced with the required rule ID.
      203.0.113.0/24 - IP addresses that are required to whitelist. Multiple, comma-separated, addresses can be also specified.  
      Check Apache syntax:

      For…

    Tweet
    Share
    Share
    Email
    0 Shares