How to Whitelist an IP Address Using Mod_Security

Nataraj picture Nataraj · Sep 11, 2014 · Viewed 7.9k times · Source

I cannot access my magneto admin panel.I have added below code to .htaccess .syntax code is not working for me.please tell me how to disable the mod_security for my IP address.

syntax code:

SetEnvIfNoCase Remote_Addr ^208.xxx.xxx.103$ MODSEC_ENABLE=Off

**Error : **

Forbidden

You don't have permission to access /manage on this server.

Answer

Alex Moleiro picture Alex Moleiro · Feb 11, 2015

It is important to know which phase you need to apply your rule. In my case, and maybe the most of the cases, you should user this command:

SecRule REMOTE_ADDR "@ipMatch 66.249.0.0/16" "id:26091975,phase:2,pass,nolog,allow,ctl:ruleEngine=Off"

You may notice that I am allowing Googlebot to access using a ip-block

You may read this official info to get more confident https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#ipMatch

I my particular case, I am using this command in: /usr/local/apache/conf/modsec2.user.conf

You can see working the rule I've just set