[Mod-security-rules] Problem with regex on SERVER_NAME SecRule
Brought to you by:
victorhora,
zimmerletw
From: Tom M. <to...@do...> - 2016-09-12 09:37:12
|
Hi all, I’m having an issue with a Mod Security rule that I have written and can’t figure out the problem. I have multiple domains on our server running Wordpress and want to block access to any of the Wordpress login scripts (wp-login.php) for any non-UK IP address. One of my sites (we’ll call this test.org.uk) is accessed from overseas so I’m trying to skip that domain. Here’s the rule; SecRule REQUEST_FILENAME "@streq /wp-login.php" "chain,id:1,phase:1,t:none,log,drop,msg:'Client IP not from UK'" SecRule SERVER_NAME “!test\.org\.uk$" "chain" SecRule REMOTE_ADDR "@geoLookup" "chain" SecRule GEO:COUNTRY_CODE "!@streq GB" "t:none" This rule works except that it seems to completely ignore line 2; SecRule SERVER_NAME “!test\.org\.uk$" “chain" Can anyone offer a solution? Kindest regards, Tom |