Hi, i already install the geoipupdate and configurations of Maxmind. Maxmind update sucessfully. But mod_security dont appears to work.
File OK !
/usr/share/GeoIP/GeoLite2-Country.mmdb
And change configurations in:
/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master
For Deny:
SecDefaultAction “phase:1,log,auditlog,deny,status:406”
SecDefaultAction “phase:2,log,auditlog,deny,status:406”
Plus (Forbidden file extensions and better for tests like domain.com/xxxx.bak)
SecAction
"id:900240,
phase:1,
nolog,
pass,
t:none,
setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .ba> …
Of course
SecGeoLookupDB /usr/share/GeoIP/GeoLite2-Country.mmdb
With the rules of blocking country
SecAction \
"id:900600,\
“id:910100,
phase:1,
nolog,
pass,
t:none,
setvar:‘tx.high_risk_country_codes=UA ID YU LT EG RO BG TR RU PK MY CN NL’”
Cyber panel
Any idea ? Thanks !
