How to Whitelist an IP Address Using Mod_Security

apache magento mod-security
Nataraj picture Nataraj · Sep 11, 2014 · Viewed 7.9k times · Source

I cannot access my magneto admin panel.I have added below code to .htaccess .syntax code is not working for me.please tell me how to disable the mod_security for my IP address.

syntax code:

SetEnvIfNoCase Remote_Addr ^208.xxx.xxx.103$ MODSEC_ENABLE=Off

**Error : **

Forbidden

You don't have permission to access /manage on this server.

Answer

Alex Moleiro picture Alex Moleiro · Feb 11, 2015

It is important to know which phase you need to apply your rule. In my case, and maybe the most of the cases, you should user this command:

SecRule REMOTE_ADDR "@ipMatch 66.249.0.0/16" "id:26091975,phase:2,pass,nolog,allow,ctl:ruleEngine=Off"

You may notice that I am allowing Googlebot to access using a ip-block

You may read this official info to get more confident https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#ipMatch

I my particular case, I am using this command in: /usr/local/apache/conf/modsec2.user.conf

You can see working the rule I've just set

Related questions

Apache: edit to .conf file produces "Invalid command 'Header'"

In Magento CE, I'd like to install an add-on to Extendware Page Cache called Lightening Cache. It requires editing the Apache configuration inside the virtual host definition for the site, by adding: RewriteEngine On RewriteMap ewpchash prg:/home/.../shell/extendware/…

Read More
client denied by server configuration: app/etc/local.xml

I have installed magento on one of my test server to study the features Here when i navigate thru the admin site or upload some pictures for any product, the apache server will stop . When i opened the apache error …

Read More
mod_pagespeed magento

Has anyone used mod_pagespeed in a magento store? Does it break anything (like custom optimizations etc?) Very Interested of using it, but suffering from luck of resources...

Read More