Re: [mod-security-users] GEO:COUNTRY_CODE returns an empty string
From: Dan E. <da...@eh...> - 2019-03-11 14:12:37
1. Can you try running the command “lsof” to see if your GeoIP database file ever gets opened?
2. Also, what’s the chmod on that maxminddb file?
3. Also also, have you tried putting it in “usr/local/share/GeoIP/GeoIP2-***.mmdb”? Maybe the ModSec 3 documentation says to do something different (not looking at it right now) but when using PHP/Go/Apache Web Server you’re always supposed to put it there.
4. Finally, you could try putting a small PHP program/file on your web server that prints out the country code (see the examples in the official PHP api by MaxMind: https://github.com/maxmind/GeoIP2-php/blob/master/README.md) to see if that works. This makes it much easier to troubleshoot.

Sent from my iPhone

> On Mar 11, 2019, at 8:30 AM, Felipe Costa <FC...@tr...> wrote:
>
> Hi Juan,
>
> Please, make sure that the IP is on the database with a country code record. The code is ready to fulfill the variable name and it is being tested here:
>
> https://github.com/SpiderLabs/ModSecurity/blob/v3/master/test/test-cases/regression/variable-GEO.json#L627
>
> https://github.com/SpiderLabs/ModSecurity/blob/v3/master/test/test-cases/regression/variable-GEO.json#L161
>
> There are utilities like geoiplookup that allow you to query the IP address from the command line.
>
> Br.,
> Felipe "Zimmerle" Costa
> Security Researcher, Lead Developer ModSecurity
> m: +55 81.98706.5547
>
> www.trustwave.com
>
> Recognized by industry analysts as a leader in managed security services.
>
> From: Juan Pablo Tosso <jt...@co...>
> Sent: Monday, March 4, 2019 10:36 PM
> To: mod...@li...
> Subject: [mod-security-users] GEO:COUNTRY_CODE returns an empty string
>
> Hello, I have been trying to use geoip without success, I've tried with legacy format and new format, and updated databases.
>
> This is the current code:
> SecGeoLookupDb /mnt/nginx/defaults/geoip/geoip.mmdb
> SecRule GEO:COUNTRY_CODE "CL" "id:111,deny,log,logdata:'test',phase:1"
>
> I'm using modsecurity 3 in its master branch with the nginx connector (master) and Nginx 1.15.9
>
> I have also tried to print the value with tx but I receive a null value.
>
> Thank you
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
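
The permission question in item 2 of the reply above, as an added shell example that is not part of the original thread. It goes one step further than the file's own mode and also checks every parent directory, since an unsearchable directory on the way to the database blocks the read just as well. The function names are hypothetical, and the script assumes `stat -c` (GNU or BusyBox) and a web server worker that is neither owner nor group member of the path.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU/BusyBox `stat -c` and that
# the web server worker is neither owner nor group member of the path, so only
# the "other" permission bits apply to it. Function names are hypothetical.
# Usage: check_mmdb_path /mnt/nginx/defaults/geoip/geoip.mmdb

# other_bits PATH: print the "other" octal digit (0-7) of PATH's mode.
other_bits() {
    mode=$(stat -L -c '%a' "$1") || return 1
    printf '%s\n' "${mode#"${mode%?}"}"
}

# check_mmdb_path FILE: print one line per problem found. Returns 0 when FILE
# is readable and every parent directory is searchable via "other" bits.
check_mmdb_path() {
    file=$1
    problems=0
    case $file in /*) ;; *) file=$PWD/$file ;; esac
    if [ ! -f "$file" ]; then
        echo "MISSING: $file"
        return 1
    fi
    # The database itself needs the read bit (4).
    bits=$(other_bits "$file")
    if [ $(( bits & 4 )) -eq 0 ]; then
        echo "NOT READABLE: $file (mode $(stat -L -c '%a' "$file"))"
        problems=1
    fi
    # Every directory on the way down from / needs the search bit (1).
    dir=$(dirname "$file")
    while :; do
        bits=$(other_bits "$dir")
        if [ $(( bits & 1 )) -eq 0 ]; then
            echo "NOT TRAVERSABLE: $dir (mode $(stat -L -c '%a' "$dir"))"
            problems=1
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return "$problems"
}
```

A clean result only rules out permissions through the "other" bits; whether the database contains a country record for the client address is a separate check.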