Re: [mod-security-users] SecRule TX:HIGH_RISK_COUNTRY_CODES does not trigger ?
From: Frederic F. <fre...@gm...> - 2018-01-05 08:34:24
Hi,

ModSec 3.0 here :)

DebugLog is as follows:

[4] (Rule: 910100) Executing operator "Rx" with param "^$" against TX:HIGH_RISK_COUNTRY_CODES.
[9] Target value: "CH YU LT EG" (Variable: TX:HIGH_RISK_COUNTRY_CODES)
[9] Matched vars updated.
[4] Running [independent] (non-disruptive) action: msg
[9] Saving msg: Client IP is from a HIGH Risk Country Location.
[4] Running [independent] (non-disruptive) action: log
[9] Saving transaction to logs
[4] Rule returned 1.
[4] Executing chained rule.
[4] (Rule: 0) Executing operator "GeoLookup" with param "" against TX:REAL_IP.
[9] Target value: "37.0.34.57" (Variable: TX:REAL_IP)
[4] Rule returned 0.
[9] Matched vars cleaned.

So 910100 actually does trigger, but the “block” action is not applied. Could you shed some light on that? :)

Again, thanks much for your help with this,

Best,
Fred