Question
How to whitelist a single/multiple IP addresses for ModSecurity in Plesk?
Answer
Apply one of the solutions below:
For OWASP ruleset on Linux
-
Connect to the server via SSH.
- Create/ open for editing ModSecurity file that is used for IP whitelisting:
For Debian based systems (Ubuntu/Debian):
# vi /etc/apache2/modsecurity.d/000ipwhitelist.conf
For RHEL based systems (CentOS/CloudLinux):
# vi /etc/httpd/conf/modsecurity.d/rules/000ipwhitelist.conf
-
Add the following rule in 1 line there:
SecRule REMOTE_ADDR "@ipMatch 203.0.113.0/24,192.0.2.2" "id:3,phase:1,t:none,log,pass,ctl:ruleRemoveById=55666"
Where:
55666 - is the existing ModSecurity Rule and it should be replaced with the required rule ID.
203.0.113.0/24 - IP addresses that are required to whitelist. Multiple, comma-separated, addresses can be also specified. - Check Apache syntax:
For Debian based systems (Ubuntu/Debian):
# apache2ctl -t
For RHEL based systems (CentOS/CloudLinux):
# httpd -t
- If, in accordance with step #4, the syntax is not OK, fix it. If it is OK, apply the new configuration:
For Debian based systems (Ubuntu/Debian):
# service apache2 reload
For RHEL based systems (CentOS/CloudLinux):
# service httpd reload
Note: Whitelist rules should be placed before other rules.
For details see: ModSecurity Core Ruleset documentation - Writing Whitelist Modifications
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#ipMatch
For OWASP ruleset on Windows
-
- Log into the Plesk.
- Go to Tools & Settings > Web Application Firewall (ModSecurity) >Settings.
- Add the rule below into the Custom directives field:
SecRule REMOTE_ADDR "@ipMatch 203.0.113.0/24,192.0.2.2" "id:3,phase:1,t:none,log,pass,ctl:ruleRemoveById=55666"
Where:
55666 - is the existing ModSecurity Rule and it should be replaced with the required rule ID.
203.0.113.0/24 - IP addresses that are required to whitelist. Multiple, comma-separated, addresses can be also specified. - Press the OK button to apply the changes.
For Comodo ruleset
- Via Plesk GUI
- Log into the Plesk.
- Go to Tools & Settings > Web Application Firewall (ModSecurity) > Settings.
- Add the rule below into the Custom directives field:
SecRule REMOTE_ADDR "@ipMatch 203.0.113.0/24,192.0.2.2" "id:3,phase:1,t:none,log,pass,ctl:ruleRemoveById=55666"
Where:
55666 - is the existing ModSecurity Rule and it should be replaced with the required rule ID.
203.0.113.0/24 - IP addresses that are required to whitelist. Multiple, comma-separated, addresses can be also specified. - Press the OK button to apply the changes.
- Using command-line method
-
Connect to the server via SSH.
-
Create/ open for editing ModSecurity file that is used for IP whitelisting:
For Debian based systems (Ubuntu/Debian):
# vi /etc/apache2/plesk.conf.d/modsecurity.conf
For RHEL based systems (CentOS/CloudLinux):
# vi /etc/httpd/conf/plesk.conf.d/modsecurity.conf
Add the following rule in 1 line there:
SecRule REMOTE_ADDR "@ipMatch 203.0.113.0/24,192.0.2.2" "id:3,phase:1,t:none,log,pass,ctl:ruleRemoveById=55666"
Where:
55666 - is the existing ModSecurity Rule and it should be replaced with the required rule ID.
203.0.113.0/24 - IP addresses that are required to whitelist. Multiple, comma-separated, addresses can be also specified.
Check Apache syntax:For…
with