0

Is it possible to ignore specific rules (OWASP CRS for ModSecurity on NGINX) for a specific group of whitelisted IPs?

Thanks

NOP-MOV
  • 792
  • 2
  • 8
  • 28

1 Answers1

2

Yes. You can add IP Based whitelisting for specific rules in ModSecurity. Please refer to the doc from the link below:

https://www.modsecurity.org/CRS/Documentation/exceptions.html

and

https://malware.expert/tutorial/how-to-whitelist-ip-address-with-modsecurity/

aarvee
  • 139
  • 1
  • 5
  • Don't know if there is a secret sause, but per those links I've tried to disable a rule with **SecRule REMOTE_ADDR ".ip.." "id:21,ctl:ruleRemoveById=90000011" ** and SecRule REMOTE_ADDR ".ip." "id:21,phase:1,nolog,allow,ctl:ruleRemoveById=90000011" but both fail - whereas ` SecRule REMOTE_ADDR ".ip." "id:21,phase:1,nolog,allow,ctl:ruleEngine=Off" ` does work, but is not IP-specific so not useful to me (modsecurity verion 1.5.2) – Jack Aug 22 '19 at 01:56
  • PS: would really like to know why inserting the supposed comment formatting characters, per the "help" link, has no effect (ran out of time at 5 mins trying to find a solution, so above has no formatting. Sorry. – Jack Aug 22 '19 at 02:03