Tuesday, November 17, 2015

Black/Whitelist Geolocation with ModSecurity

I had a request from one of my customers to whitelist a special geolocation for his web application.

I analyzed current solutions from Cloudflare and others, but most of them charge regular fees.

I found this guide on how to set up geolocation checking with ModSecurity and chose this way.
(Additionally, I will create a cron job to update the geolocation file once a month.)

2) Install ModSecurity

3) Activate the geolocation DB in the ModSecurity configuration file

# id is mandatory since ModSecurity 2.7; the value is an arbitrary local rule id
SecGeoLookupDb /path/to/apache/conf/base_rules/GeoLiteCity.dat
SecRule REMOTE_ADDR "@geoLookup" "id:10001,phase:1,t:none,pass,nolog"

4) Block non-US locations in a custom rule file. For example, allow only the USA:
# id is mandatory since ModSecurity 2.7; the value is an arbitrary local rule id
SecRule GEO:COUNTRY_CODE3 "!@streq USA" "id:10002,phase:1,t:none,log,deny,msg:'Client IP not from USA'"
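
The rules from steps 3 and 4 extended into a fuller configuration, as an added example that is not part of the original post: it handles failed lookups explicitly, allows more than one country, and shows the blacklist variant from the title. The rule ids, country lists and messages are constructed for illustration.

```apache
# Added example; ids, country codes and messages are constructed, not from the post.
# Caveat: behind a reverse proxy or CDN, REMOTE_ADDR is the proxy's address,
# so the lookup would classify the proxy, not the real client.
SecGeoLookupDb /path/to/apache/conf/base_rules/GeoLiteCity.dat

# Populate the GEO collection for every request.
SecRule REMOTE_ADDR "@geoLookup" \
    "id:10010,phase:1,t:none,pass,nolog"

# Failed lookup (private range, or address missing from the database):
# the GEO collection stays empty. Decide this case explicitly instead of
# letting the country comparison below catch it by accident.
# Change deny to pass here if internal health checks must get through.
SecRule &GEO "@eq 0" \
    "id:10011,phase:1,t:none,log,deny,status:403,msg:'GeoIP lookup failed for client IP'"

# Whitelist: only the listed two-letter country codes are allowed.
# The anchored regex avoids partial matches and never matches an empty value.
SecRule GEO:COUNTRY_CODE "!@rx ^(?:US|CA)$" \
    "id:10012,phase:1,t:none,log,deny,status:403,msg:'Client country not allowed',logdata:'%{GEO.COUNTRY_CODE}'"

# Blacklist variant (use instead of rule 10012): deny only the listed countries.
# XX and YY are placeholders for the country codes to block.
# SecRule GEO:COUNTRY_CODE "@rx ^(?:XX|YY)$" \
#     "id:10013,phase:1,t:none,log,deny,status:403,msg:'Client country blocked',logdata:'%{GEO.COUNTRY_CODE}'"
```

Running with `SecRuleEngine DetectionOnly` first shows in the audit log which requests the rules would have denied before any traffic is actually blocked.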

That’s all. Cheap and fast :)