cPhulk Countries / Regions management

[krembo99]

I have 2 Questions regarding CpHullk :

1 - How does the Regions VS. Countries priority work ?

I have AP (AP) Listed as a Country in the CpHulk countries list. I assume this is AP = ASIA PACIFIC as a region. The second region would be EU.

So my question is : If I blacklist ( or Whitelist ) China / Korea / Taiwan / Japan for example, and AP is unspecified / The opposite - what would the priority be then ?

CN, KR, TW, JP - Blacklist
AP - white list / Unspecified

What would be the outcome / How should I treat the regions VS Countries in Combination ?

2- During some tests - I Had GB ( United Kingdom ) Specifically blacklisted ( AND EU ) , however, when testing I can login through a VPN with a server IP in London. Is there some Bug in CpHulk or am I configuring something wrong ?

 

[cPanelMichael]

Hello @krembo99,

Information about the GeoIP database utilized with cPHulk is found at the top the following file:

/usr/local/cpanel/3rdparty/share/geoipfree/IpToCountry.dat

Here's the particular section that pertains to the AP country code:

# CTRY : 2 character international country code
# NOTE: ISO 3166 2-letter code of the organisation to which the
# allocation or assignment was made, and the enumerated variances of:
# AP - non-specific Asia-Pacific location
# CS - Serbia and Montenegro
# YU - Serbia and Montenegro (Formally Yugoslavia) (Being phased out)
# EU - non-specific European Union location
# FX - France, Metropolitan
# PS - Palestinian Territory, Occupied
# UK - United Kingdom (standard says GB)
# * ZZ - IETF RESERVED address space.

AP in the context of country codes used with cPHulk is for non-specific Asia-Pacific locations.

Here are the links to the GeoIP FAQ and IP address database that cPHulk utilizes if you want to check which country cPHulk will detect for an IP address:

GEO IP Database FAQ
IP to Country Database (IPV4 and IPV6)

Let me know if this helps.

Thank you.

 

[krembo99]

Thank you for your reply .
I will do some test myself regarding said region VS Countries, but think that I get the priorities regarding non-specific locations.

But point 2 in my question still remains.
Shouldn't CpHulk prevent such logins ?
Since I have wrote this questions I have confirmed this behavior with 3 other servers in 3 different countries ( Usiing OpenVpn, StrongSwan/WireGuard, Custom IpSec )
All 3 ( actually 4 with London ) were specifically blacklisted - and yet - I was able to login to WHM through the web interface.

 

[cPanelMichael]

But point 2 in my question still remains.
Shouldn't CpHulk prevent such logins ?
Since I have wrote this questions I have confirmed this behavior with 3 other servers in 3 different countries ( Usiing OpenVpn, StrongSwan/WireGuard, Custom IpSec )
All 3 ( actually 4 with London ) were specifically blacklisted - and yet - I was able to login to WHM through the web interface.

Hello @krembo99,

Did you browse to the link below and confirm the Country listed for the IP address in-question matches the country name that you blocked?

IP to Country Database (IPV4 and IPV6)

Thank you.

 

[compufixpro]

Hello to cPanel Support, I dont know if this ticket is still open, and did not see the response or solution to the authors 2nd question.

Here is my problem.

I block countries on a client server via cPHulk Brute Force Protection. The USA is white listed and works well, however once my client uses a vpn located within the USA he gets denied access to server control panel (cPanel) and denied email, webmail and WHM access. My question is, if the VPN IP Address is within the USA and country USA is whitelisted on cPHulk Brute Force Protection, why is my client denied access? Thank you in advance!