Whitelisting

Certain IPs can be whitelisted so that the mod_security rules do not apply to them. The documentation hints how to whitelist a single IP, but they do not mention how to block an IP-range.

The following rule, placed in /etc/apache2/mod-security/whitelist.conf:

SecRule REMOTE_ADDR "^192\.168\.[0-1]{1}\.[0-9]{1,3}$" phase:1,nolog,allow,ctl:ruleEngine=off

will whitelist:

192.168.0.0-255
192.168.1.0-255

so that none of the other rules apply to those connecting IPs.