Dear Josh,

Thank you so much for your help, but I think that is only for the file name UploadFiles.aspx. How about uploads globally? Frankly speaking, I am trying to protect against whatever is uploaded by hackers through the buggy scripts of Joomla or WordPress. Lately I'm facing a lot of trouble where hackers upload their files and run the script for sending thousands of spam mails.

Please help, and thank you so much.

From: Josh Amishav-Zlatin
Sent: Tuesday, September 02, 2014 4:32 PM
To: Mesra.net CEO
Cc: OWASP Mod Security
Subject: Re: [Owasp-modsecurity-core-rule-set] (no subject)

On Tue, Sep 2, 2014 at 3:34 AM, Mesra.net CEO <[email protected]> wrote:

> Dear All,
>
> I'm looking for a rule to allow uploads only from a specific country. For example, I will allow only Japan to upload any type of files, and the rest of the countries will get Access denied.

Hi,

First you need to define where the GeoDB is. This can be done in the CRS 10 file.

    SecGeoLookupDb /opt/modsecurity/bin/GeoLiteCity.dat

Next you need to pass the client's IP address (REMOTE_ADDR) to the @geoLookup operator via a rule like:

    SecRule REMOTE_ADDR "@geoLookup" "id:1,phase:1,t:none,pass,nolog"

Finally you limit access to the upload script (e.g. /UploadFiles.aspx) to client IP addresses originating in Japan:

    SecRule GEO:COUNTRY_CODE3 "!@streq JPN" "id:2,phase:1,t:none,log,deny,msg:'Client IP not from Japan',chain"
        SecRule REQUEST_URI "@rx /UploadFiles.aspx"

Note, this was not tested, YMMV.

- Josh

> Please help

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
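The follow-up question about restricting uploads on every URL, as an added example that is not part of the thread or of the Core Rule Set: it generalizes the rules above from one script path to any request that carries an uploaded file. It assumes ModSecurity 2.x with request body access enabled; the rule IDs 1001-1003 and the variable name tx.upload_allowed are chosen for illustration, and like the original it is untested against a live site.

```apache
# Added example. IDs and tx.upload_allowed are illustrative assumptions.

# FILES is only populated if ModSecurity parses the request body.
SecRequestBodyAccess On

# Same GeoIP database path as in the reply above.
SecGeoLookupDb /opt/modsecurity/bin/GeoLiteCity.dat

# Resolve the client IP to a country once per transaction (phase 1).
SecRule REMOTE_ADDR "@geoLookup" \
    "id:1001,phase:1,t:none,pass,nolog"

# Mark the transaction as allowed to upload only on a positive match.
# If the lookup fails, GEO stays empty, this rule does not match, and
# the flag is never set, so the policy fails closed.
SecRule GEO:COUNTRY_CODE3 "@streq JPN" \
    "id:1002,phase:1,t:none,pass,nolog,setvar:tx.upload_allowed=1"

# Phase 2 runs after the multipart body is parsed. &FILES counts the
# uploaded files on any URI; deny when there is at least one and the
# flag from rule 1002 is absent.
SecRule &FILES "!@eq 0" \
    "id:1003,phase:2,t:none,log,deny,status:403,\
    msg:'File upload from client IP not located in Japan',chain"
    SecRule &TX:upload_allowed "@eq 0"
```

This only covers multipart/form-data uploads that ModSecurity parses into FILES; a script that writes a raw POST or PUT body to disk would need its own rule.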
