SecGeoLookupDB & file format

54 views
Skip to first unread message

Henry

unread,
May 27, 2020, 12:51:58 PM5/27/20
to ModSecurity Core Rule Set project
Greetings,

I would like to use the GeoIP feature of CRS to block by country-IP, however the crs-setup.conf file does not specify what file format the DB should be:

# Uncomment this rule to use this feature:
#
#SecGeoLookupDB util/geo-location/GeoIP.dat

util/upgrade.py --geoip -- no longer exists of course.

Maxmind allows you to download the following formats:  CSV and mmdb

Furthermore, the GeoLite2 download from Maxmind also provides several files:
GeoLite2-Country-Locations-en.csv  GeoLite2-Country-Locations-pt-BR.csv
GeoLite2-Country-Blocks-IPv4.csv   GeoLite2-Country-Locations-es.csv  GeoLite2-Country-Locations-ru.csv
GeoLite2-Country-Blocks-IPv6.csv   GeoLite2-Country-Locations-fr.csv  GeoLite2-Country-Locations-zh-CN.csv
GeoLite2-Country-Locations-de.csv  GeoLite2-Country-Locations-ja.csv

So - I'd appreciate some pointers on the best approach here:

1.  what file format to use from maxmind.
2.  which file above to use with SecGeoLookupDB.

... so that the following will work as expected:

SecAction \
 "id:900600,\
  phase:1,\
  nolog,\
  pass,\
  t:none,\
  setvar:'tx.high_risk_country_codes=UA ID YU LT EG RO BG TR RU PK MY CN'"

Thanks for any suggestions.

Regards
Henry

Reply all
Reply to author
Forward
0 new messages