Try to use all SecRules like this and add an explicit phase action -

SecRule REQUEST_FILENAME "@endsWith wp-login.php" "chain,id:88888880,phase:request,drop,msg:'Non-Japan IP address'"
SecRule REMOTE_ADDR "@geoLookup" "chain"
SecRule GEO:COUNTRY_CODE "!@streq JP" "t:none"

Ryan Barnett
Senior Lead Security Researcher, SpiderLabs
Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com

From: "Mesra.net CEO" <ad...@mesra.my>
Date: Friday, September 5, 2014 1:24 AM
To: "owasp-modsecurity-core-rule-set@lists.owasp.org" <owasp-modsecurity-core-rule-set@lists.owasp.org>
Subject: [Owasp-modsecurity-core-rule-set] Problem with the Rule

Dear all,

I think I have a problem with the rule below:

<LocationMatch "wp-login.php">
SecRule REMOTE_ADDR "@geoLookup" "chain,id:88888880,drop,msg:'Non-Japan IP address'"
SecRule GEO:COUNTRY_CODE "!@streq JP" "t:none"
</LocationMatch>

What I'm trying to do is block any access from outside Japan to the wp-login.php file. What I see in the Apache log is that it only works with POST; it doesn't work with GET.

Please help.

TQ
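
Added example (not part of the thread, and not ModSecurity or CRS code): a small Python check that applies the reply's advice to a rules file by reporting every standalone or chain-starter SecRule that carries no explicit phase action. The function names and the sample text are constructed for illustration; the sample reuses the two rule sets from the thread.

```python
import re
import shlex

# Constructed sample: the original rule and the suggested rule from the thread.
SAMPLE = r'''
<LocationMatch "wp-login.php">
SecRule REMOTE_ADDR "@geoLookup" "chain,id:88888880,drop,msg:'Non-Japan IP address'"
SecRule GEO:COUNTRY_CODE "!@streq JP" "t:none"
</LocationMatch>
SecRule REQUEST_FILENAME "@endsWith wp-login.php" \
    "chain,id:88888880,phase:request,drop,msg:'Non-Japan IP address'"
    SecRule REMOTE_ADDR "@geoLookup" "chain"
    SecRule GEO:COUNTRY_CODE "!@streq JP" "t:none"
'''

def split_actions(actions):
    """Split an action list on commas that are outside single quotes."""
    parts = re.split(r",(?=(?:[^']*'[^']*')*[^']*$)", actions)
    return [p.strip() for p in parts if p.strip()]

def rules_missing_phase(config):
    """Return (line_number, rule_id) for each chain starter or standalone
    SecRule whose action list has no explicit phase action."""
    findings, in_chain = [], False
    logical, start = "", 0
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not logical:
            start = n                      # first physical line of this directive
        if line.endswith("\\"):            # Apache-style line continuation
            logical += line[:-1] + " "
            continue
        logical, full = "", logical + line
        if not full.startswith("SecRule "):
            continue
        args = shlex.split(full)           # SecRule VARIABLES OPERATOR [ACTIONS]
        actions = split_actions(args[3]) if len(args) > 3 else []
        names = [a.split(":", 1)[0] for a in actions]
        # Chained rules take their phase from the chain starter, so only
        # starters and standalone rules are checked.
        if not in_chain and "phase" not in names:
            rule_id = next((a.split(":", 1)[1] for a in actions if a.startswith("id:")), None)
            findings.append((start, rule_id))
        in_chain = "chain" in names
    return findings

if __name__ == "__main__":
    for lineno, rule_id in rules_missing_phase(SAMPLE):
        print(f"line {lineno}: rule id {rule_id} has no explicit phase action")
```

On the sample, only the original rule inside the LocationMatch block is reported; the chain that starts with REQUEST_FILENAME passes because its starter sets phase:request.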