On Tue, Sep 2, 2014 at 5:52 PM, Mesra.net CEO <[email protected]> wrote:
> Dear Josh,
>
> Mind to ask you something, what is the difference between GEO:COUNTRY_CODE and
> GEO:COUNTRY_CODE3?

ISO country codes come in 2 digit and 3 digit variables, so for Japan GEO:COUNTRY_CODE is JP and GEO:COUNTRY_CODE3 is JPN. Either variation is fine.

- Josh

> Please advise. TQ
>
> From: Josh Amishav-Zlatin
> Sent: Tuesday, September 02, 2014 5:51 PM
> To: Mesra.net CEO
> Subject: Re: [Owasp-modsecurity-core-rule-set] (no subject)
>
> On Tue, Sep 2, 2014 at 12:42 PM, Mesra.net CEO <[email protected]> wrote:
>
> Dear Josh,
>
> Thanks for the idea, anyway I found this:
>
> # Forbid file upload
> SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data
>
> Hi,
>
> SecFilterSelective is no longer a valid ModSec directive.
>
> But how can I combine the rule with a country limit? I’m very sorry and I’m
> still blur.
>
> SecRule GEO:COUNTRY_CODE3 "!@streq JPN" \
>     "id:2,phase:1,t:none,log,deny,msg:'Client IP not from Japan',chain"
> SecRule REQUEST_HEADERS:Content-Type "multipart/form-data" \
>     t:none,t:lowercase
>
> - Josh
>
> Please help
>
> From: Josh Amishav-Zlatin
> Sent: Tuesday, September 02, 2014 5:32 PM
> To: Mesra.net CEO
> Cc: OWASP Mod Security
> Subject: Re: [Owasp-modsecurity-core-rule-set] (no subject)
>
> On Tue, Sep 2, 2014 at 11:38 AM, Mesra.net CEO <[email protected]> wrote:
>
> Dear Josh,
>
> Thank you so much for your help, but I think that is only for the file name
> UploadFiles.aspx, how about uploads globally?
>
> Hi,
>
> One way to implement this could be to update the chained rule to search
> for the presence of multipart/form-data in the REQUEST_HEADERS:Content-Type
> variable instead.
>
> - Josh
>
> Frankly speaking, I am trying to protect against whatever is uploaded by the
> hackers through the buggy scripts of Joomla or WordPress. Lately I’m facing a
> lot of trouble where hackers upload their files and run the script for
> sending thousands of spam mails.
>
> Please help and thank you so much
>
> From: Josh Amishav-Zlatin
> Sent: Tuesday, September 02, 2014 4:32 PM
> To: Mesra.net CEO
> Cc: OWASP Mod Security
> Subject: Re: [Owasp-modsecurity-core-rule-set] (no subject)
>
> On Tue, Sep 2, 2014 at 3:34 AM, Mesra.net CEO <[email protected]> wrote:
>
> Dear All,
>
> I’m looking for a rule to allow uploads from only a specific country. For
> example, I will allow only Japan to upload any type of files, and the rest of
> the countries will get Access denied.
>
> Hi,
>
> First you need to define where the GeoDB is. This can be done in the CRS
> 10 file.
>
> SecGeoLookupDb /opt/modsecurity/bin/GeoLiteCity.dat
>
> Next you need to pass the client's IP address (REMOTE_ADDR) to the
> @geoLookup operator via a rule like:
>
> SecRule REMOTE_ADDR "@geoLookup" "id:1,phase:1,t:none,pass,nolog"
>
> Finally you limit access to the upload script (e.g. /UploadFiles.aspx) to
> client IP addresses originating in Japan:
>
> SecRule GEO:COUNTRY_CODE3 "!@streq JPN" \
>     "id:2,phase:1,t:none,log,deny,msg:'Client IP not from Japan',chain"
> SecRule REQUEST_URI "@rx /UploadFiles.aspx"
>
> Note, this was not tested, YMMV.
>
> - Josh
>
> Please help
>
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> [email protected]
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
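
The three steps from the thread assembled into one configuration, as an added example that is not part of the original messages. It assumes ModSecurity 2.x and the GeoDB path quoted in the thread; the rule ids 1001-1003 are placeholders, and the `&GEO` rule is an addition that denies uploads when the lookup returns no data, a case the `!@streq JPN` test does not cover because a rule on an unset variable does not match.

```apache
# Added example (not from the thread). Rule ids 1001-1003 are placeholders;
# pick ids that do not collide with your existing rules.

# Where the GeoIP database lives (path as quoted in the thread).
SecGeoLookupDb /opt/modsecurity/bin/GeoLiteCity.dat

# Step 1: populate the GEO collection from the client address.
# This rule never blocks on its own.
SecRule REMOTE_ADDR "@geoLookup" \
    "id:1001,phase:1,t:none,pass,nolog"

# Step 2: fail closed. A multipart upload from an address with no GeoDB
# entry is denied. &GEO counts the entries in the GEO collection, so 0
# means the lookup found nothing.
SecRule REQUEST_HEADERS:Content-Type "@contains multipart/form-data" \
    "id:1002,phase:1,t:none,t:lowercase,log,deny,status:403,msg:'Upload denied: GeoIP lookup failed',chain"
    SecRule &GEO "@eq 0"

# Step 3: a multipart upload from any country other than Japan is denied.
# The Content-Type test comes first so non-upload requests leave the chain
# after one cheap string comparison.
SecRule REQUEST_HEADERS:Content-Type "@contains multipart/form-data" \
    "id:1003,phase:1,t:none,t:lowercase,log,deny,status:403,msg:'Upload denied: client IP not from Japan',chain"
    SecRule GEO:COUNTRY_CODE3 "!@streq JPN" "t:none"
```

REMOTE_ADDR is the address of the connecting peer, so behind a reverse proxy or CDN the lookup sees the proxy's address rather than the client's.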
