Dear Josh, Mind to ask you something, what the different between GEO:COUNTRY_CODE and GEO:COUNTRY_CODE3 ?
Please advice. TQ From: Josh Amishav-Zlatin Sent: Tuesday, September 02, 2014 5:51 PM To: Mesra.net CEO Subject: Re: [Owasp-modsecurity-core-rule-set] (no subject) On Tue, Sep 2, 2014 at 12:42 PM, Mesra.net CEO <[email protected]> wrote: Dear Josh, Thanks for idea, anyway I found this: # Forbid file upload SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data Hi, SecFilterSelective is no longer a valid ModSec directive. But how can I combine the rule with country limit ? I’m very sorry and I’m still blur. SecRule GEO:COUNTRY_CODE3 "!@streq JPN" "id:2,phase:1,t:none,log,deny,msg:'Client IP not from Japan',chain" SecRule REQUEST_HEADERS:Content-Type "multipart/form-data" t:none,t:lowercase - Josh Please help From: Josh Amishav-Zlatin Sent: Tuesday, September 02, 2014 5:32 PM To: Mesra.net CEO Cc: OWASP Mod Security Subject: Re: [Owasp-modsecurity-core-rule-set] (no subject) On Tue, Sep 2, 2014 at 11:38 AM, Mesra.net CEO <[email protected]> wrote: Dear Josh, Thanks you so much for your help, but I think that only for the file name UploadFiles.aspx, how about globally upload, Hi, One way to implement this could be to update the chained rule to search for the presence of multipart/form-data in the REQUEST_HEADERS:Content-Type variable instead. - Josh frankly speaking I try to protect what ever upload by the hackers from the buggy script of Joomla or Wordpress, lately I’m facing a lot of trouble were hackers upload their files and run the script for sending thousands of spam mail. Please help and Thank you so much From: Josh Amishav-Zlatin Sent: Tuesday, September 02, 2014 4:32 PM To: Mesra.net CEO Cc: OWASP Mod Security Subject: Re: [Owasp-modsecurity-core-rule-set] (no subject) On Tue, Sep 2, 2014 at 3:34 AM, Mesra.net CEO <[email protected]> wrote: Dear All, I’m looking the rule for allow upload for only specific country, for example I will allow only Japan to upload any type of files to upload and the rest countries will Access denied. Hi, First you need to define where the GeoDB is. This can be done in the CRS 10 file. SecGeoLookupDb /opt/modsecurity/bin/GeoLiteCity.dat Next you need to pass the client's IP address (REMOTE_ADDR) to the @geoLookup operator via a rule like: SecRule REMOTE_ADDR "@geoLookup" "id:1,phase:1,t:none,pass,nolog" Finally you limit access to the upload script (e.g. /UploadFiles.aspx) to client IP addresses originating in Japan SecRule GEO:COUNTRY_CODE3 "!@streq JPN" "id:2,phase:1,t:none,log,deny,msg:'Client IP not from Japan',chain" SecRule REQUEST_URI "@rx /UploadFiles.aspx" Note, this was not tested YMMV. - Josh Please help _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
