Simple minimal ruleset for whitelisting my trus IP doesn't work and make "403 Access denied" error. SecDefaultAction phase:2,log,deny,status:403 SecRule REMOTE_ADDR "^x\.x\.x\.x$" allow Reproducible: Always
modsec_debug.log: [/][4] Initialising transaction (txid D7gJt1nQIQgAADOFBYgAAAAA). [/][4] Transaction context created (dcfg 80f9980). [/][4] Starting phase REQUEST_HEADERS. [/][4] Second phase starting (dcfg 80f9980). [/][4] Input filter: This request does not have a body. [/][4] Time #1: 378 [/][4] Starting phase REQUEST_BODY. [/][4] Recipe: Invoking rule 812b8e8. [/][4] Executing operator rx with param "^x\\.x\\.x\\.x$" against REMOTE_ADDR. [/][4] Operator completed in 42 usec. [/][4] Rule returned 1. [/][1] Access allowed (phase 2). Pattern match "^x\\.x\\.x\\.x$" at REMOTE_ADDR. [/][4] Time #2: 14281 [/index.php][4] Phase REQUEST_BODY subrequest already intercepted with code 403. As I see in sources, this bug was introduced by mod_security-2.1.1-request_interception.patch, that was to have been provide support to mod_limitipconn
mod_security-2.1.2 in cvs, should be fixed