-> https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/284

I had to fix the GeoIP blocking rule as well.
It would use @pm with macro expansion of tx.high_risk_country_codes
but @pm does not perform macro expansion. Replaced with
@within and placed a note in the reference manual.

So it looks like people never complained about this rule because
it never blocked anything.

I also made sure that a GeoIPLookup is only performed on a
defined and non-empty tx.high_risk_country_codes.
I run this test with "!^$". It's the way the core rules
check for empty headers as well. However, I wonder if there
is not a way to do this test without involving a (supposedly
costly) regex.

Feedback welcome.

Ahoj,

Christian


-- 
It is curious that physical courage should be so common in the world,
and moral courage so rare.
-- Mark Twain
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
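
The fix described in the message above, sketched as an added example that is not taken from the original post or from the pull request. The rule ids, the database path, the country list and the messages are constructed placeholders, and REMOTE_ADDR is assumed as the address to look up.

```apache
# Added illustration. Ids, path, country codes and messages are constructed.
SecGeoLookupDb /path/to/GeoIP.dat

# Operator-supplied list of country codes (constructed sample values).
SecAction \
    "id:10000,phase:1,nolog,pass,\
    setvar:'tx.high_risk_country_codes=XX YY'"

# Before: @pm takes its argument literally. The phrase it searches for is the
# text "%{tx.high_risk_country_codes}" itself, which never occurs in a
# two-letter country code, so the chain never matches and nothing is blocked.
SecRule REMOTE_ADDR "@geoLookup" \
    "id:10001,phase:1,deny,status:403,log,\
    msg:'Client from high-risk country (never fires)',\
    chain"
    SecRule GEO:COUNTRY_CODE "@pm %{tx.high_risk_country_codes}"

# After: the first rule only matches when the variable exists and is not
# empty, so the GeoIP lookup is skipped when no list is configured.
# @within expands the macro and tests whether the looked-up country code
# occurs in the expanded list.
SecRule TX:HIGH_RISK_COUNTRY_CODES "!^$" \
    "id:10002,phase:1,deny,status:403,log,\
    msg:'Client from high-risk country',\
    chain"
    SecRule REMOTE_ADDR "@geoLookup" "chain"
        SecRule GEO:COUNTRY_CODE "@within %{tx.high_risk_country_codes}"
```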
