To block access from specific countries to a system, log into the ASL GUI and click on the ASL option on the left hand side of the GUI. Then click "Blocking" and select the GeoBlocking option. Then uncheck check the box of any countries in the list you want to block, then click Update.
If you do not have ASL/AWP installed, and are just using our modsecurity rules you will need to add a custom rule to block the countries you want to block. In your custom rules file, you will need to add these rules, in the example below China (CN) and Hong Kong (HK) are blocked. Replace CN and HK with the country codes you want to block.
SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat
SecRule REMOTE_ADDR "@geoLookup" "phase:1,chain,id:12345,status:403,drop,msg:'User Custom Geoblocking Rule has blocked access from a prohibited country',t:none"
SecRule GEO:COUNTRY_CODE "@pm CN HK"
Additionally, you will need to download the GeoLite2 or paid Geo location databases from MaxMind and change the path in the SecGeoLookupDB to the location of the GeoIP.dat file on your system. On some Linux distributions this may already be installed.
You can read more on the free GeoLite database from MaxMind at the URL below:
https://dev.maxmind.com/geoip/geoip2/geolite2/