Mod_security geoip rule doesn't work

Discussion in 'Security' started by doktorrr, Feb 26, 2018.

  1. doktorrr

    doktorrr Member

    Joined:
    Feb 26, 2018
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    TB
    cPanel Access Level:
    Root Administrator
    I want to block traffic from India and Pakistan. On my WHM I have enabled mod_security. I've followed this article:
    Blocking visitors from certain countries
    1. Download the latest MaxMind GeoLite2 Country database in legacy format (the binary gzip one).
    2. Unzip the file, and upload it to your server. You can put it wherever you like; e.g., /usr/share/GeoIP.
    3. Log on to WHM, and go Security Center -> ModSecurity Configuration.
    4. Scroll down to the Geolocation Database section, and enter the path to the GeoIP.dat file you uploaded. If you used the file location above, it would be: /usr/share/GeoIP/GeoIP.dat
    5. Scroll down and Save your changes

    1. Go Security Center -> ModSecurity Tools -> Rules List -> Add Rule.
    2. Paste your edited rule in the Rule Text box.
    Code:
    # Test IP address and block by country code
    SecRule REMOTE_ADDR "@geoLookup" "phase:1,chain,id:1,drop,log,msg:'Blocking %{geo.country_code}'"
    SecRule GEO:COUNTRY_CODE "@pm IN PK"
    1. Check the box for "Deploy and Restart Apache".
    2. Click "Save".
    However, this doesn't work for me. In the hits list I get nothing. I have a VPN and I can load my website from India (VPN).

    Anybody have an idea what's wrong?
     

  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,182
    Likes Received:
    1,756
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Do you notice any particular error messages in /usr/local/apache/logs/error_log when attempting to test the rules? Check to ensure you are not encountering the issue referenced on the following thread:

    ModSecurity + MPM ITK compatibility

    Thank you.
     
  3. doktorrr

    doktorrr Member

    Thank you for your answer. This module you mention is disabled. There are no errors in /usr/local/apache/logs/error_log
     
  4. doktorrr

    doktorrr Member

    I found this error:
    Error while opening data file /usr/share/GeoIP/GeoIP.dat
    Something's wrong with this file.
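
One way to inspect the file named in that error before touching the rule, as an added example that is not part of the original thread. The function name `classify_geoip_db`, its result labels and the script file name are made up for illustration, and it assumes the legacy-format `.dat` file that the quoted article asks for.

```shell
#!/bin/sh
# Added example, not from the thread. classify_geoip_db and its labels are
# illustrative names. Run it as the user Apache runs as, so that the
# readability test reflects what the web server can actually open.

# Usage: classify_geoip_db PATH
# Prints one label and returns 0 only for "legacy-candidate".
classify_geoip_db() {
    cg_db=$1
    if [ ! -e "$cg_db" ]; then echo "missing"; return 1; fi
    if [ ! -f "$cg_db" ]; then echo "not-a-regular-file"; return 1; fi
    if [ ! -r "$cg_db" ]; then echo "unreadable"; return 1; fi
    if [ ! -s "$cg_db" ]; then echo "empty"; return 1; fi

    # Step 2 of the article: the download must be unzipped first.
    # A gzip stream starts with the bytes 1f 8b.
    cg_magic=$(head -c 2 "$cg_db" | od -An -v -tx1 | tr -d ' \n')
    if [ "$cg_magic" = "1f8b" ]; then echo "still-gzipped"; return 1; fi

    # A GeoLite2 .mmdb file carries the marker ab cd ef "MaxMind.com"
    # in front of its metadata, which sits at the end of the file.
    cg_marker="abcdef4d61784d696e642e636f6d"
    if tail -c 131072 "$cg_db" | od -An -v -tx1 | tr -d ' \n' |
        grep -q "$cg_marker"; then
        echo "mmdb-not-legacy"; return 1
    fi

    # Nothing above rules the file out; it may be a legacy GeoIP.dat.
    echo "legacy-candidate"
    return 0
}

# Stand-alone use (file name is an example):
#   sh check_geoip.sh /usr/share/GeoIP/GeoIP.dat
if [ "$#" -gt 0 ]; then
    classify_geoip_db "$1"
fi
```

A `legacy-candidate` result only means none of these checks failed; it does not validate the database contents.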
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Can you confirm if you are using Mod_Ruid2 on this system?

    Thank you.
     
  6. doktorrr

    doktorrr Member

    Mod Ruid2 is also disabled. I'm trying with the GeoIP module.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look?

    Thank you.
     
  8. Tearabite

    Tearabite Well-Known Member

    Joined:
    Nov 28, 2010
    Messages:
    71
    Likes Received:
    11
    Trophy Points:
    58
    Location:
    Southern California
    cPanel Access Level:
    Root Administrator
    If this continues to be a problem you could install CSF Firewall which blocks all ports (not just port 80 http requests) and has a simple, block by country option.
     
  9. doktorrr

    doktorrr Member

    Now, I have a problem with the GeoIP module too. Is there any way to safely remove this module from Apache2?
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hi @doktorrr,

    Were you able to open the support ticket? If so, please post the ticket number here and we will update this thread with the outcome.

    Thank you.
     