Re: [mod-security-users] mod_maxminddb support
From: Christian F. <chr...@ne...> - 2018-09-07 12:26:52
Thank you Marc. This is most useful. Could have looked this up myself,
but I thought it was faster that way.
Cheers,
Christian
On Fri, Sep 07, 2018 at 11:19:46AM +0200, Marc Stern wrote:
> Here is how I use it (simplified version):
>
> Initialisation:
>
> # TX.remote_addr contains the IP I want to use, depending on reverse proxy, ...
> SecAction "phase:1,nolog,setenv:MMDB_ADDR=%{TX.remote_addr}"
> # Enable MaxMindDB
> MaxMindDBEnable On
> MaxMindDBFile CITY_DB "path_to_the_DB"
> MaxMindDBEnv geo_country_code CITY_DB/country/iso_code
>
> Block a country (e.g. Japan):
>
> SecRule ENV:geo_country_code "@streq JP" "phase:2,t:none,deny"
>
>
> Regards
>
>
> *Marc Stern
> *Approach Belgium <https://www.approach.be>
> Axis Park - Rue Edouard Belin 7 - 1435 Mont-Saint-Guibert - Belgium
> Follow us: <https://www.linkedin.com/company/16513/>
> <https://twitter.com/ApproachBe>
> /*Inspiring the cyber-security community*/
>
>
> On 06-09-18 15:28, Christian Folini wrote:
> > Hey Marc,
> >
> > This sounds very good. Thank you for your work.
> >
> > Could you give an example of how we can integrate the mod_maxminddb and
> > the new db into ModSecurity. Say use a 2-letter country code in a SecRule
> > construct? I have not tried this out yet.
> >
> > Best,
> >
> > Christian
> >
> > On Thu, Sep 06, 2018 at 09:22:00AM +0200, Marc Stern wrote:
> > > As you know, the geo-localisation databases used by ModSecurity are no longer
> > > updated.
> > > Maxmind, the database provider, developed a new DB format and provides its
> > > own module (mod_maxminddb).
> > > mod_maxminddb was lacking a feature to integrate it smoothly with
> > > ModSecurity: setting the IP address from inside a rule. I introduced this
> > > feature some time ago and I'm happy to announce that this patch was merged
> > > in Maxmind's code and is thus officially part of the module.
> > > You can now set an environment variable in a rule - in (real) phase 1 - and
> > > mod_maxminddb will use this IP address as source.
> > > Note that, for most uses, mod_remote_ip is an easier solution.
> > >
> > > *Marc Stern*
> > > Approach Belgium <https://www.approach.be>
> > > Axis Park - Rue Edouard Belin 7 - 1435 Mont-Saint-Guibert - Belgium
> > > Follow us: <https://www.linkedin.com/company/16513/>
> > > <https://twitter.com/ApproachBe>
> > > /*Inspiring the cyber-security community*/
> > >
> > > ------------------------------------------------------------------------------
> > > Check out the vibrant tech community on one of the world's most
> > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> > > _______________________________________________
> > > mod-security-users mailing list
> > > mod...@li...
> > > https://lists.sourceforge.net/lists/listinfo/mod-security-users
> > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> > > http://www.modsecurity.org/projects/commercial/rules/
> > > http://www.modsecurity.org/projects/commercial/support/
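A fuller form of the configuration quoted in this thread, added here as an example and not taken from any of the posts: it gives each rule the id that ModSecurity 2.7 and later require, logs the block with an explicit status, and records requests for which mod_maxminddb set no country instead of letting them pass unnoticed. The rule ids, the XX country placeholder and the REMOTE_ADDR assignment are assumptions made for the example.

```apache
# Added example; rule ids 10001-10004 and the "XX" entry are constructed.
MaxMindDBEnable On
MaxMindDBFile CITY_DB "path_to_the_DB"
MaxMindDBEnv geo_country_code CITY_DB/country/iso_code

# Assumption: no reverse proxy in front, so the peer address is the client.
# Behind a proxy, fill tx.remote_addr only from a header that proxy sets.
SecAction "id:10001,phase:1,pass,nolog,setvar:tx.remote_addr=%{REMOTE_ADDR}"

# Hand the chosen address to mod_maxminddb in phase 1, as in the thread.
SecAction "id:10002,phase:1,pass,nolog,setenv:MMDB_ADDR=%{tx.remote_addr}"

# No country was set (private range, address not in the DB, bad MMDB_ADDR).
# A rule on ENV:geo_country_code never runs in that case, so count the
# variable and log the miss; change "pass" to "deny" to fail closed.
SecRule &ENV:geo_country_code "@eq 0" \
    "id:10003,phase:2,pass,t:none,log,\
    msg:'GeoIP lookup returned no country',logdata:'%{tx.remote_addr}'"

# Block a list of countries (JP from the thread, XX as a placeholder).
# Anchored @rx avoids partial matches and never matches an empty value.
SecRule ENV:geo_country_code "@rx ^(?:JP|XX)$" \
    "id:10004,phase:2,deny,status:403,t:none,log,\
    msg:'Request from blocked country',logdata:'%{MATCHED_VAR}'"
```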