To block countries by domain, you'll need to create a custom rule file following the instructions at the URL at the bottom of this page, then create a custom ruleset like this:
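# Legacy GeoIP country database (*.dat format)
SecGeoLookupDb /path/to/geo/data/GeoIP.dat
# Chain: look up the client IP, match the Host header, then test the country code
SecRule REMOTE_ADDR "@geoLookup" "chain,id:12345,drop,msg:'Block China IP address'"
SecRule REQUEST_HEADERS:Host ".domain.to.apply.this.to$" "t:none,t:lowercase,chain"
SecRule GEO:COUNTRY_CODE "@streq CN"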
In the last line, list the countries you want to block by their ISO code. In the example above, CN is for China. If you want to block more than one country, list them with spaces and use the @pm operator, because @streq only matches one exact string. For example (GB is the ISO code for the United Kingdom): SecRule GEO:COUNTRY_CODE "@pm CN JP GB"
Finally, download the legacy country database found here. It’s important to get the legacy database in *.dat format, as the Apache ModSecurity module can’t use the newer *.MMDB format yet. Place it somewhere Apache can read the file, then change the path on that first line to that location.
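The chain above only drops a request when all three conditions match. The following Python model is an added example, not ModSecurity or Atomicorp code. It runs the chain over constructed requests to show how an exact-compare operator and a phrase-match operator behave with one country code and with a space-separated list. The IP-to-country map and the sample requests are assumptions that stand in for the GeoIP database.

```python
import re

# Constructed stand-in for the GeoIP database (documentation IP ranges, not real lookups).
GEO = {"192.0.2.10": "CN", "198.51.100.7": "JP", "203.0.113.5": "US"}
# Host pattern copied from the rule on this page.
HOST_RX = re.compile(r".domain.to.apply.this.to$")


def streq(param, value):
    """Model of @streq: true only when the whole value equals the parameter."""
    return value == param


def pm(param, value):
    """Model of @pm: true when any space-separated phrase occurs in the value."""
    return any(p.lower() in value.lower() for p in param.split())


def chain_blocks(ip, host, operator, param):
    """Model the three-rule chain: every link must match for 'drop' to fire."""
    country = GEO.get(ip)                 # link 1: lookup fails for unknown IPs
    if country is None:
        return False
    if not HOST_RX.search(host.lower()):  # link 2: t:lowercase, then regex on Host
        return False
    return operator(param, country)       # link 3: test GEO:COUNTRY_CODE


def decisions(operator, param):
    """Return the block decision for each constructed (client IP, Host) request."""
    requests = [
        ("192.0.2.10", "www.domain.to.apply.this.to"),    # CN, protected host
        ("198.51.100.7", "WWW.Domain.To.Apply.This.To"),  # JP, mixed-case host
        ("203.0.113.5", "www.domain.to.apply.this.to"),   # US, protected host
        ("192.0.2.10", "www.other.example"),              # CN, other host
        ("10.0.0.1", "www.domain.to.apply.this.to"),      # IP not in database
    ]
    return [chain_blocks(ip, host, operator, param) for ip, host in requests]


if __name__ == "__main__":
    print("streq 'CN'   ", decisions(streq, "CN"))
    print("streq 'CN JP'", decisions(streq, "CN JP"))
    print("pm    'CN JP'", decisions(pm, "CN JP"))
```

Requests for other hosts and requests from addresses the database cannot resolve pass through untouched, so check the audit log for both cases when testing a new country list.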
https://wiki.atomicorp.com/wiki/index.php/Mod_security#Installing_custom_rules
Michael Shinn