Re: [mod-security-users] Geo Blocking with new maxmind Database
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Geo Blocking with new maxmind Database
|
From: Blason R <bla...@gm...> - 2020-04-13 13:41:28
|
That is good idea Homesh and many thanks for the Input. However I am using nginx as reverse proxy and just starting with modsecurity in reverse proxy. Just curious to know how are you analyzing the log files? ELK or any other? On Mon, Apr 13, 2020 at 6:56 PM homesh joshi <ho...@gm...> wrote: > Dear Blason, > > This is how I am using with Apache 2.4 and modsec 2.9.3 > > SecGeoLookupDb /File-path-for-maxmind4.dat/maxmind4.dat > SecRule REMOTE_ADDR "@geoLookup" > "phase:1,chain,id:28,drop,msg:'Geolocation Blocked'" > SecRule GEO:COUNTRY_CODE "@pm PK CN PE" > > Yes with modsec 2.9 you need the db file in legacy dat format. > On searching it on google I found this third party URL where maxmind db > file in DAT format is available. > > https://dl.miyuru.lk/geoip/maxmind/city/maxmind4.dat.gz > > Hope this helps > > Thanks, > Homesh > > > > > On Mon, Apr 13, 2020 at 6:15 PM Blason R <bla...@gm...> wrote: > >> Hi Folks, >> >> Can someone please divert me to the documentation for configuring Geo >> blocking with CRS modsec rules? I tried downloading the maxmind db but >> >> 1. After change of maxmind DB what is the way to download the maxmind >> GeoIP2 database? How can we enable scheduling as well? >> 2. Since default GeoIpv2 downloads in .mmdb format I guess nginx refuse >> to start >> >> Nginx 1.17.9 >> Modsec 3.2.0 >> >> TIA >> blason R >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >> http://www.modsecurity.org/projects/commercial/rules/ >> http://www.modsecurity.org/projects/commercial/support/ >> > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
