github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-13 06:57:10 +03:00
Code Issues Packages Projects Releases Wiki Activity

Updated geo docs.

Browse Source
This commit is contained in:
b1v1r
2009-06-02 15:35:21 +00:00
parent 510ab38397
commit d07e92c2f2
1 changed files with 15 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
doc/modsecurity2-apache-reference.xml
View File

@@ -6,7 +6,7 @@
Manual</title> Manual</title>
<articleinfo> <articleinfo>
<releaseinfo>Version 2.5.10-dev1 (May 29, 2009)</releaseinfo> <releaseinfo>Version 2.5.10-dev1 (June 2, 2009)</releaseinfo>
<copyright> <copyright>
<year>2004-2009</year> <year>2004-2009</year>
@@ -2836,11 +2836,12 @@ SecRule <emphasis>ENV:tag</emphasis> "suspicious"</programlisting>
<section> <section>
<title><literal moreinfo="none">GEO</literal></title> <title><literal moreinfo="none">GEO</literal></title>
<para><literal>GEO</literal> is a collection populated by the <literal <para><literal>GEO</literal> is a collection populated by the results of
moreinfo="none">@geoLookup</literal> operator. It can be used to match the last <literal moreinfo="none">@geoLookup</literal> operator. The
geographical fields looked up by an IP address or hostname.</para> collection can be used to match geographical fields looked from an IP
address or hostname.</para>
<para>Available since 2.2.0.</para> <para>Available since ModSecurity 2.5.0.</para>
<para>Fields:</para> <para>Fields:</para>
@@ -2903,7 +2904,9 @@ SecRule <emphasis>ENV:tag</emphasis> "suspicious"</programlisting>
<para>Example:</para> <para>Example:</para>
<programlisting format="linespecific">SecRule REMOTE_ADDR "<emphasis>@geoLookup</emphasis>" "chain,drop,msg:'Non-GB IP address'" <programlisting format="linespecific">SecGeoLookupDb /usr/local/geo/data/GeoLiteCity.dat
...
SecRule REMOTE_ADDR "<emphasis>@geoLookup</emphasis>" "chain,drop,msg:'Non-GB IP address'"
SecRule GEO:COUNTRY_CODE "!@streq GB"</programlisting> SecRule GEO:COUNTRY_CODE "!@streq GB"</programlisting>
</section> </section>
@@ -5455,8 +5458,9 @@ SecRule ARGS:route "!<emphasis>@endsWith %{REQUEST_ADDR}</emphasis>" t:none,deny
<title><literal>geoLookup</literal></title> <title><literal>geoLookup</literal></title>
<para><emphasis>Description:</emphasis> This operator looks up various <para><emphasis>Description:</emphasis> This operator looks up various
data fields from an IP address or hostname. The results will be captured data fields from an IP address or hostname in the target data. The
in the <literal moreinfo="none">GEO</literal> collection.</para> results will be captured in the <literal moreinfo="none">GEO</literal>
collection.</para>
<para>You must provide a database via <literal <para>You must provide a database via <literal
moreinfo="none">SecGeoLookupDb</literal> before this operator can be moreinfo="none">SecGeoLookupDb</literal> before this operator can be
@@ -5471,7 +5475,9 @@ SecRule ARGS:route "!<emphasis>@endsWith %{REQUEST_ADDR}</emphasis>" t:none,deny
lookup, then do something like this (look for an empty GEO lookup, then do something like this (look for an empty GEO
collection):</para> collection):</para>
<programlisting format="linespecific">SecRule REMOTE_ADDR "@geoLookup" "pass,nolog" <programlisting format="linespecific">SecGeoLookupDb /usr/local/geo/data/GeoLiteCity.dat
...
SecRule REMOTE_ADDR "@geoLookup" "pass,nolog"
SecRule &amp;GEO "@eq 0" "deny,status:403,msg:'Failed to lookup IP'"</programlisting> SecRule &amp;GEO "@eq 0" "deny,status:403,msg:'Failed to lookup IP'"</programlisting>
</note> </note>