How to Whitelist an IP Address Using Mod_Security

By Ben Richard

If your business has a website, you may be familiar with the mod_security module for Apache Web servers. ModSecurity is a firewall module for Apache servers that blocks malicious programs, scripts and injections, helping to keep your website more secure. Occasionally, you might need to bypass the module filters to accommodate a testing environment or to allow access for a particular IP address, such as for a developer working at home. Whitelisting is a straightforward task that you can accomplish with a simple text editor.

With .htaccess

Browse to your website's root directory, which should be the top directory on your server. On a local server, the default is "C:\Apache(version)\htdocs\", which is the same as http://localhost. On a Linux server, the root directory is usually "/usr/local/apache/htdocs/". On a hosted server, this will generally be the directory with your Web page name, such as "http://www.mywebsite.com/".

Open the ".htaccess" file in the root directory with your preferred text editor.

Add the following line before any of the mod_security rules are called (near the top is easiest):

SetEnvIfNoCase REMOTE_ADDR ^115.100.121.176$ MODSEC_ENABLE=Off

Replace the IP address shown in the above example with the IP address that you want to whitelist.

With mod_security.conf

Browse to your "mod_security.conf" file. This should be at "C:\Apache(version)\conf\mod_security.conf" or within your "httpd.conf" file in the same directory. For Linux, this is usually "/etc/httpd/modsecurity.d/modsecurity.conf". Note that this method only works on servers where you have access to the core server files.

Open the configuration file with your preferred text editor.

Add the following to disable mod_security for a particular IP address, replacing the IP address in the example with the one that you want to whitelist:

SecRule REMOTE_ADDR "^115.100.121\176$" phase:1,nolog,allow,ctl:ruleEngine=Off

Warnings

Always be careful when whitelisting as you are making your server less secure. Only do this when necessary and for IP addresses you trust.

×