Dear Ryan,

Thank you so much


From: Ryan Barnett 
Sent: Friday, September 05, 2014 9:53 PM
To: Mesra.net CEO ; owasp-modsecurity-core-rule-set@lists.owasp.org 
Subject: Re: [Owasp-modsecurity-core-rule-set] Problem with the Rule

Try to use all SecRules like this and add an explicit phase action -

SecRule REQUEST_FILENAME "@endsWith wp-login.php" \
    "chain,id:88888880,phase:request,drop,msg:'Non-Japan IP address'"
SecRule REMOTE_ADDR "@geoLookup" "chain"
SecRule GEO:COUNTRY_CODE "!@streq JP" "t:none"



Ryan Barnett

Senior Lead Security Researcher, SpiderLabs



Trustwave | SMART SECURITY ON DEMAND

www.trustwave.com


From: "Mesra.net CEO" <ad...@mesra.my>
Date: Friday, September 5, 2014 1:24 AM
To: "owasp-modsecurity-core-rule-set@lists.owasp.org" 
<owasp-modsecurity-core-rule-set@lists.owasp.org>
Subject: [Owasp-modsecurity-core-rule-set] Problem with the Rule


  Dear all,

  I think I have a problem with the rule below:

  <LocationMatch "wp-login.php">
  SecRule REMOTE_ADDR "@geoLookup" "chain,id:88888880,drop,msg:'Non-Japan IP address'"
  SecRule GEO:COUNTRY_CODE "!@streq JP" "t:none"
  </LocationMatch>

  What I’m trying to do is block any access from outside Japan to the
  wp-login.php file. From what I see in the Apache log, it's only working with
  POST but it doesn’t work with GET.

  Please help. TQ



