[Owasp-modsecurity-core-rule-set] Whitelist?

Osama Elnaggar oelnaggar04 at gmail.com
Wed Jul 5 01:56:17 UTC 2017

If you are using CRS 3, you have your request exclusion rules in the file
REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example Remove the .example and
uncomment the exclusion rules you want.  Here is an example of a commented
rule that will whitelist an IP:

# White-list ASV network block (no blocking or logging of AVS traffic)
# IP network block as appropriate for your AVS traffic
# ModSec Rule Exclusion: Disable Rule Engine for known ASV IP
# SecRule REMOTE_ADDR "@ipMatch" \
#     "phase:1,id:1000,pass,nolog,ctl:ruleEngine=Off"

Even if you aren't using CRS, you can use the above rule and customize it
with the IP you want to whitelist

Osama Elnaggar

On July 5, 2017 at 11:27:31 AM, Arthur E. Johnston (
arthurjohnston at verizon.net) wrote:

Does a method exist to whitelist an IP address?

Thank you,

Arthur Johnston

Meadowbrook Kennels

Home of Seacrest Cocker Spaniels & Meadowbrook Border Terriers


Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20170704/3804794b/attachment.html>

More information about the Owasp-modsecurity-core-rule-set mailing list