[Mod-security-rules] Problem with regex on SERVER_NAME SecRule

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi all,

I’m having an issue with a Mod Security rule that I have written and can’t figure out the problem.

I have multiple domains on our server running Wordpress and want to block access to any of the Wordpress login scripts (wp-login.php) for any non-UK IP address. One of my sites (we’ll call this test.org.uk) is accessed from overseas so I’m trying to skip that domain. Here’s the rule;

	SecRule REQUEST_FILENAME "@streq /wp-login.php" "chain,id:1,phase:1,t:none,log,drop,msg:'Client IP not from UK'"
	SecRule SERVER_NAME “!test\.org\.uk$" "chain"
	SecRule REMOTE_ADDR "@geoLookup" "chain"
	SecRule GEO:COUNTRY_CODE "!@streq GB" "t:none"

This rule works except that it seems to completely ignore line 2;

	SecRule SERVER_NAME “!test\.org\.uk$" “chain"

Can anyone offer a solution?

Kindest regards,

Tom