I've installed mod_security2 and read the cPanel docs:
How to Install and Configure ModSecurity in cPanel
but I have a few other questions.
I install OWASP? What does it do?
2. I see under "Configuration" that I can provide a link to a MaxMind database under SecGeoLookupDb. What, exactly, does this do? I would LOVE to be able to block non-US IPs for specific domains instead of using CSF to do it server-wide!
The OWASP (Open Web Application Security Project) ModSecurity CRS (Core Rule Set) is a set of rules that Apache’s ModSecurity® module can use to help protect your server. While these rules do not make your server impervious to attacks, they greatly increase the amount of protection for your web applications.
please read more here:
MaxMind is also available in CSF. You need to follow the link in CSF to sign up for a free account, add the API code, and change the CSF section to 1 to activate MaxMind. It is an IP database. Pretty good as far as I can tell, because I have been using it as well in CSF to block countries by country code, for example CN.RU.VN (China, Russia, Vietnam).
There is an option as well to only allow US and not have to add all the above country codes in CSF; see below:
I believe the difference will be that CSF protects the back layer of your server and ModSecurity OWASP protects your websites' frontend layer from other attacks.
But CSF is a huge plus in my opinion when blocking IPs with MaxMind for the server.
If you go to your CSF,
select from the drop-down: Country Code Lists and Settings
Maxmind settings and info:
MaxMind GeoLite2 Country/City and ASN databases at:
This feature relies entirely on that service being available
Advantages: This is a one stop shop for all of the databases required for
these features. They provide a consistent dataset for blocking and reporting
Disadvantages: MaxMind require a license key to download their databases.
This is free of charge, but requires the user to create an account on their
website to generate the required key:
WARNING: As of 2019-12-29, MaxMind REQUIRES you to create an account on their
site and to generate a license key to use their databases. See:
You MUST set the following to continue using the IP lookup features of csf,
otherwise an error will be generated and the features will not work.
Alternatively set CC_SRC below to a different provider
MaxMind License Key:
= (Enter your Key here)
2. DB-IP, ipdeny.com, iptoasn.com
Advantages: The ipdeny.com databases for CC blocking are better optimised
and so are quicker to process and create fewer iptables entries. All of these
databases are free to download without requiring login or key
Disadvantages: Multiple sources mean that any one of the three could
interrupt the provision of these features. It may also mean that there are
inconsistencies between them
The free IP geolocation database downloads are updated monthly. They are available in CSV and MMDB format and distributed under the Creative Commons Attribution License. Learn more about these database downloads here along with our other databases and Lite editions.
Free IP address to ASN database
Set the following to your preferred source:
"1" - MaxMind
"2" - db-ip, ipdeny, iptoasn
The default is "2" on new installations of csf, or set to "1" to use the
MaxMind databases after obtaining a license key
= (Enter 1 here)
Just further down in the same section you can select CC_ALLOW_FILTER = US;
this will allow only US IPs to your server, server-wide.
An alternative to CC_ALLOW is to only allow access from the following
countries but still filter based on the port and packets rules. All other
connections are dropped
= (enter US here)
hope that helps
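
For the per-domain case raised in the question, here is an added example (not from the thread or the cPanel docs) of how `SecGeoLookupDb` is typically paired with ModSecurity's `@geoLookup` operator and `GEO` collection to restrict a single site. The database path, rule ids and messages are constructed placeholders.

```apache
# Added example; the path, rule ids and msg text are placeholders.

# Global scope (on cPanel this is the SecGeoLookupDb field under
# "Configuration"). The file must be in a format your ModSecurity
# build can read.
SecGeoLookupDb /path/to/geo-country-database

# Place the rules below inside the <VirtualHost> (or per-domain include)
# of the one site to restrict, so other domains on the server are unaffected.

# 1. Resolve the client address. On success ModSecurity fills the GEO
#    collection (GEO:COUNTRY_CODE and others) for this transaction.
SecRule REMOTE_ADDR "@geoLookup" \
    "id:10001,phase:1,pass,nolog"

# 2. Deny when the lookup succeeded and the country is not US.
SecRule GEO:COUNTRY_CODE "!@streq US" \
    "id:10002,phase:1,deny,status:403,log,msg:'Geo policy: non-US client'"

# 3. Handle addresses the database does not know (private ranges, gaps
#    in the data). Without this rule such requests pass, because rule
#    10002 has no GEO:COUNTRY_CODE value to test. Here they are only
#    logged; change "pass" to "deny,status:403" to fail closed.
SecRule &GEO "@eq 0" \
    "id:10003,phase:1,pass,log,msg:'Geo policy: lookup failed for client address'"

# REMOTE_ADDR is the address of the connecting peer. Behind a CDN or
# reverse proxy that is the proxy, not the visitor, so the country
# decision would be made on the wrong address.
```

Unlike CSF's CC_ALLOW_FILTER, which drops packets at the firewall for the whole server, these rules act only on HTTP requests that reach the site they are attached to.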