If you are using CRS 3, you have your request exclusion rules in the file REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example Remove the .example and uncomment the exclusion rules you want. Here is an example of a commented rule that will whitelist an IP:
# White-list ASV network block (no blocking or logging of AVS traffic) Update # IP network block as appropriate for your AVS traffic # # ModSec Rule Exclusion: Disable Rule Engine for known ASV IP # SecRule REMOTE_ADDR "@ipMatch 192.168.1.100" \ # "phase:1,id:1000,pass,nolog,ctl:ruleEngine=Off" Even if you aren't using CRS, you can use the above rule and customize it with the IP you want to whitelist -- Osama Elnaggar On July 5, 2017 at 11:27:31 AM, Arthur E. Johnston ( arthurjohns...@verizon.net) wrote: Does a method exist to whitelist an IP address? Thank you, Arthur Johnston Meadowbrook Kennels Home of Seacrest Cocker Spaniels & Meadowbrook Border Terriers http://www.seacrestcockers.com http://www.meadowbrook.co _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
