1

I have mod security installed on my server. It is working for all IP addresses.

Now I need to EXCLUDE specific IP addresses from applying this mod-security. How can I do so? Is there a way to control it using apache?

masegaloeh
  • 17,978
  • 9
  • 56
  • 104
Alaa Alomari
  • 638
  • 5
  • 18
  • 37

1 Answers1

3

Here the article. The first one is IP based too. what luck.

Excerpt from that page.

Disabling mod_security conditionally per IP ^

This will make sure that you aren't processed by mod_security, but this only works if you have a static IP (Get your IP information). Just add this towards the top of your .htaccess file. before your mod_security code. Setting this variable causes the module to be disabled for this specific IP address, this means you won't run into any problems while posting yourself..

SetEnvIfNoCase Remote_Addr ^208.113.183.103$ MODSEC_ENABLE=Off


# You can use multiple SetEnvIf directives to control it further.
# This only turns it off for your IP + a POST request method.
#
# SetEnvIf Remote_Addr ^208.113.183.103$ MODSEC_ENABLE=Off
# SetEnvIf Request_Method !^POST$ MODSEC_ENABLE=On
masegaloeh
  • 17,978
  • 9
  • 56
  • 104
PHGamer
  • 410
  • 1
  • 4
  • 7