i have configured it like this as follows so far. i have this in my user conf file at the top: Include /usr/local/apache/conf/modsec2.whitelist.conf then i have this in my white list conf: # ConfigServer ModSecurity whitelist file <LocationMatch .*> SecRule REMOTE_ADDR "@pmFromFile /usr/local/apache/conf/whitelist.txt" "phase:1,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off,id:10341230" </LocationMatch> now i assume that <LocationMatch .*> apply's to everything yes? - if not what is the correct syntax to make it apply globally throughout all of mod security/apache? and in my whitelist.txt i have the IP's going like this: 192.168.1.1,192.168.0.1,192.168.1.50 these are just sample IP's. but is it the correct format? or do i do an IP per a line? i just need to white list some of the server Ip's that keep getting picked up as a false positive..