How to White List an IP Address Using Mod_Security

Written by scott mcmahon
  • Share
  • Tweet
  • Share
  • Email

The mod_security plugin for the Apache Web server is designed to facilitate system security by blocking suspicious or unauthorised requests to your server. IP addresses that are not white listed by mod_security will have security rules applied to them, causing the system to scrutinise their traffic and possibly deny access to files.

Skill level:
Moderately Easy


  1. 1

    Open the ".htaccess" file for the directory or website mod_security runs on in your preferred text editor. These files are stored within the secured directory of your site.

  2. 2

    Open the Search function. Type "SecRule" and press "Enter."

  3. 3

    Above the first "SecRule," or security rule, in your .htaccess file, add the following line of text:

    SecRule REMOTE_ADDR "^192.168.0\101$" phase:1,nolog,allow,ctl:ruleEngine=Off

  4. 4

    Replace "" with the IP address you would like to white list. Be sure to add a backslash before each period in the address. For example, "" should be typed as ""

  5. 5

    Repeat the whitelist action for any additional secured domains within their ".htaccess" file.

Tips and warnings

  • You should white list system administrators, as they frequently need to perform tasks that mod_security will block.

Don't Miss

  • All types
  • Articles
  • Slideshows
  • Videos
  • Most relevant
  • Most popular
  • Most recent

No articles available

No slideshows available

No videos available

By using the site, you consent to the use of cookies. For more information, please see our Cookie policy.