Mod_security geoip rule doesn't work

doktorrr

Member
Feb 26, 2018
cPanel Access Level
Root Administrator
I want to block traffic from India and Pakistan. On my WHM I have enabled mod_security. I've followed this article:
Blocking visitors from certain countries
  1. Download the latest MaxMind GeoLite2 Country database in legacy format (the binary gzip one).
  2. Unzip the file, and upload it to your server. You can put it wherever you like; e.g., /usr/share/GeoIP.
  3. Log on to WHM, and go Security Center -> ModSecurity Configuration.
  4. Scroll down to the Geolocation Database section, and enter the path to the GeoIP.dat file you uploaded. If you used the file location above, it would be: /usr/share/GeoIP/GeoIP.dat
  5. Scroll down and Save your changes

  1. Go Security Center -> ModSecurity Tools -> Rules List -> Add Rule.
  2. Paste your edited rule in the Rule Text box.
Code:
# Test IP address and block by country code
SecRule REMOTE_ADDR "@geoLookup" "phase:1,chain,id:1,drop,log,msg:'Blocking %{geo.country_code}'"
SecRule GEO:COUNTRY_CODE "@pm IN PK"
  3. Check the box for "Deploy and Restart Apache".
  4. Click "Save".
However, this doesn't work for me. In the hits list I get nothing. I have a VPN and I can load my website from India (VPN).

Anybody have an idea what's wrong?
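
An added diagnostic example, not part of the original post and not cPanel or ModSecurity project code: it checks the three things the rule above depends on before it can block anything. `SecGeoLookupDb` and `SecRuleEngine` are the ModSecurity directives behind the WHM settings; the function names, the single-file layout and the sample config are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added diagnostic sketch, not cPanel or ModSecurity project code.
# Assumption: the directives live in the single file passed as $1.

# Print the last value set for directive $1 in file $2, quotes stripped.
directive_value() {
    awk -v d="$1" '$1 == d { v = $2 } END { gsub(/"/, "", v); print v }' "$2"
}

# One finding per line; returns 0 only when every check passes.
check_geo_prereqs() {
    conf=$1; rc=0
    db=$(directive_value SecGeoLookupDb "$conf")
    engine=$(directive_value SecRuleEngine "$conf")
    if [ -z "$db" ]; then
        echo "FAIL no SecGeoLookupDb directive, @geoLookup has no database"; rc=1
    elif [ ! -r "$db" ] || [ ! -s "$db" ]; then
        echo "FAIL database missing, unreadable or empty: $db"; rc=1
    else
        echo "OK   database readable: $db"
    fi
    case $engine in
        On) echo "OK   SecRuleEngine On" ;;
        DetectionOnly) echo "FAIL DetectionOnly: drop is logged but not enforced"; rc=1 ;;
        *) echo "FAIL SecRuleEngine is '${engine:-unset}', rules are not processed"; rc=1 ;;
    esac
    if grep -Eq '^[[:space:]]*SecRule[[:space:]].*@geoLookup' "$conf"; then
        echo "OK   a rule calls @geoLookup"
    else
        echo "FAIL no rule calls @geoLookup, GEO:COUNTRY_CODE stays empty"; rc=1
    fi
    return $rc
}

# Constructed sample input: a config and a stand-in database file.
demo=$(mktemp -d)
printf 'stub' > "$demo/GeoIP.dat"
cat > "$demo/modsec.conf" <<EOF
SecRuleEngine DetectionOnly
SecGeoLookupDb $demo/GeoIP.dat
SecRule REMOTE_ADDR "@geoLookup" "phase:1,chain,id:1,drop,log,msg:'Blocking %{geo.country_code}'"
SecRule GEO:COUNTRY_CODE "@pm IN PK"
EOF
check_geo_prereqs "$demo/modsec.conf" || echo "=> resolve the FAIL lines, then retest"
rm -rf "$demo"
```

On a real server the directives may be spread across several included files, so run the check against each file Apache actually loads.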
 


cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello,

Do you notice any particular error messages in /usr/local/apache/logs/error_log when attempting to test the rules? Check to ensure you are not encountering the issue referenced on the following thread:

ModSecurity + MPM ITK compatibility

Thank you.
 

cPanelMichael

Hello,

Can you confirm if you are using Mod_Ruid2 on this system?

Thank you.
 

cPanelMichael

Hello,

Could you open a support ticket using the link in my signature so we can take a closer look?

Thank you.
 

cPanelMichael

Hi @doktorrr,

Were you able to open the support ticket? If so, please post the ticket number here and we will update this thread with the outcome.

Thank you.