Owasp 900022

Discussion in 'Security' started by kernow, Feb 6, 2015.

  1. kernow

    Can anyone explain what this rule does? Does it block visitors from the countries listed, or is it just a warning?
    Owasp 900022

    Code:
    # -=[ High Risk Fraud Countries ]=-
    #
    # Rules in the IP Reputation file will check the client against a list of HIGH Risk
    # country codes. These countries were identified by ClearCommerce:
    #
    # - Ukraine
    # - Indonesia
    # - Yugoslavia
    # - Lithuania
    # - Egypt
    # - Romania
    # - Bulgaria
    # - Turkey
    # - Russia
    # - Pakistan
    # - Malaysia
    #
    # Additionally, based on WAF alert analysis reports, China is also included.
    #
    # If you have legitimate customers originating from one of these countries, you should
    # remove it from this list.
    #
    SecAction "id:'900022', phase:request, nolog, pass, t:none, setvar:'tx.high_risk_country_codes=UA ID YU LT EG RO BG TR RU PK MY CN'"
     
  2. xanubi

    Unfortunately it does nothing. It should block those countries, but it doesn't do that. It's broken.
     
  3. kernow

    "sigh" Thanks for the info.
     
  4. cPanelMichael

  5. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    865
    Likes Received:
    9
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
  6. quizknows

    The action chain on the rule simply sets a variable; it's not set to block. Later rules may take that variable into account. Rules generally have "allow, deny, or pass." Allow and deny are pretty self-explanatory; allow is used to whitelist something and deny is used in most rules to block the requests. The action "pass" means to neither block nor allow the request, but simply execute the non-disruptive actions such as the "setvar" action and then continue processing later rules for the request ("allow" skips the later rule processing, and deny blocks instantly on a match).
     
    #6 quizknows, Feb 9, 2015
    Last edited: Feb 9, 2015
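
The pattern described in post #6, a `pass` rule that stores a list and a later rule that reads it, sketched as ModSecurity configuration. This is an added example, not part of the thread or of the cPanel/OWASP rule set: the GeoIP database path is a placeholder, and rule id 10001 and the variable tx.from_high_risk_country are hypothetical.

```apache
# Added example. Requires a GeoIP country database; the path is a placeholder.
SecGeoLookupDb /path/to/GeoIP.dat

# Rule 900022 as quoted in the thread: SecAction runs unconditionally, and
# "pass" plus "setvar" only stores the list in the transaction (TX) collection.
SecAction "id:'900022', phase:request, nolog, pass, t:none, setvar:'tx.high_risk_country_codes=UA ID YU LT EG RO BG TR RU PK MY CN'"

# Hypothetical consumer rule (id 10001 is made up for this example).
# Link 1: look up the client address; if the lookup fails the chain stops here.
# Link 2: test the resolved country code against the list stored above.
# The disruptive action lives on the first rule of a chain. With "pass" a
# match is only logged and flagged; replacing "pass" with "deny,status:403"
# is what would turn the same chain into a block.
SecRule REMOTE_ADDR "@geoLookup" \
    "id:10001,phase:request,t:none,log,pass,chain,msg:'Client IP is from a listed high-risk country'"
    SecRule GEO:COUNTRY_CODE "@within %{tx.high_risk_country_codes}" \
        "setvar:tx.from_high_risk_country=1"
```
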
  7. kernow

    @quizknows
    Maybe cPanel should have handed these rules over to you for checking before unleashing them on us ;)
     