On Tue, Sep 2, 2014 at 3:34 AM, Mesra.net CEO <[email protected]> wrote:
> Dear All,
>
> I’m looking the rule for allow upload for only specific country, for
> example I will allow only Japan to upload any type of files to upload and
> the rest countries will Access denied.
>
Hi,
First you need to define where the GeoDB is. This can be done in the CRS 10
file.
SecGeoLookupDb /opt/modsecurity/bin/GeoLiteCity.dat
Next you need to pass the client's IP address (REMOTE_ADDR) to the
@geoLookup operator via a rule like:
SecRule REMOTE_ADDR "@geoLookup" "id:1,phase:1,t:none,pass,nolog"
Finally you limit access to the upload script (e.g. /UploadFiles.aspx) to
client IP addresses originating in Japan
SecRule GEO:COUNTRY_CODE3 "!@streq JPN"
"id:2,phase:1,t:none,log,deny,msg:'Client IP not from Japan',chain"
SecRule REQUEST_URI "@rx /UploadFiles.aspx"
Note, this was not tested YMMV.
- Josh
>
> Please help
>
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> [email protected]
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>
>
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
