On Tue, Sep 24, 2013 at 3:02 PM, Reinhard Kocznar <off...@kocznar.com>wrote:

>  Hello,****
>
> ** **
>
> I use mod_security (OWASP_CRS/2.2.7) on a Windows 2003 Server with Apache
> 2.7.4. This works fine, and I want to use SecGeoLookupDb to block some
> countries. Unfortunately I do not come clear with the documentation for
> this job. Can anybody help?****
>
> **
>

Hi Reinhard,

Have your tried something like the following. The example below defines
where the GeoLiteCity database is stored. I chose /opt/modsecurity/var/lib
but you could put the db somewhere else on your system. You can download
the database from http://www.maxmind.com/. FWIW, the GEOIP2 databases do
not work with ModSecurity (yet). Next I created a rule to lookup the remote
IP address and deny the connection if the request did not come from a US
based IP address.

SecGeoLookupDb /opt/modsecurity/lib/GeoLiteCity.dat

SecRule REMOTE_ADDR "@geoLookup" "phase:1,chain,id:1,deny,msg:'Non-US IP
address'"
  SecRule GEO:COUNTRY_CODE "!@streq US"

--
 - Josh

 **
>
> Thank you,****
>
> Reinhard Kocznar ****
>
> Zeus Versicherungsberatung e.U.
> Versicherungsmakler und Berater in Versicherungsangelegenheiten ****
>
> Koernerstrasse 13                    Telefon +43 512 393824
> A-6020 Innsbruck                       Fax +43 512 394617 ****
>
> http://www.zeus-1.at/ <http://www.kocznar.com/> -
> http://www.available-light.org/ ****
>
> -------------------------------------------------------------------------------------------
> ****
>
> *Hamster im Laufrad*, Essay, Limbus, Innsbruck ISBN 978-3-902534-92-7****
>
> http://books.kocznar.com/****
>
> ** **
>
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>
>
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

Reply via email to