On Tue, Sep 2, 2014 at 11:38 AM, Mesra.net CEO <[email protected]> wrote:
> Dear Josh,
>
> Thank you so much for your help, but I think that only for the file name
> UploadFiles.aspx, how about globally upload,
>

Hi,

One way to implement this could be to update the chained rule to search for
the presence of multipart/form-data in the REQUEST_HEADERS:Content-Type
variable instead.

- Josh

> frankly speaking I try to protect whatever upload by the hackers from the
> buggy script of Joomla or WordPress, lately I’m facing a lot of trouble
> where hackers upload their files and run the script for sending thousands of
> spam mail.
>
> Please help and Thank you so much
>
>
> *From:* Josh Amishav-Zlatin <[email protected]>
> *Sent:* Tuesday, September 02, 2014 4:32 PM
> *To:* Mesra.net CEO <[email protected]>
> *Cc:* OWASP Mod Security <[email protected]>
> *Subject:* Re: [Owasp-modsecurity-core-rule-set] (no subject)
>
> On Tue, Sep 2, 2014 at 3:34 AM, Mesra.net CEO <[email protected]> wrote:
>
>> Dear All,
>>
>> I’m looking the rule for allow upload for only specific country, for
>> example I will allow only Japan to upload any type of files to upload and
>> the rest countries will Access denied.
>>
>
> Hi,
>
> First you need to define where the GeoDB is. This can be done in the CRS
> 10 file.
>
> SecGeoLookupDb /opt/modsecurity/bin/GeoLiteCity.dat
>
> Next you need to pass the client's IP address (REMOTE_ADDR) to the
> @geoLookup operator via a rule like:
>
> SecRule REMOTE_ADDR "@geoLookup" "id:1,phase:1,t:none,pass,nolog"
>
> Finally you limit access to the upload script (e.g. /UploadFiles.aspx) to
> client IP addresses originating in Japan
>
> SecRule GEO:COUNTRY_CODE3 "!@streq JPN" \
>     "id:2,phase:1,t:none,log,deny,msg:'Client IP not from Japan',chain"
> SecRule REQUEST_URI "@rx /UploadFiles.aspx"
>
> Note, this was not tested YMMV.
>
> - Josh
>
>>
>> Please help
>>
>> _______________________________________________
>> Owasp-modsecurity-core-rule-set mailing list
>> [email protected]
>> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
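The suggestion in the reply above (match on the Content-Type header instead of one URI), written out as a rule set. This is an added example, not part of the original thread; rule ids 1 to 3 are placeholders, and rule 3 assumes that addresses missing from the GeoDB should be refused as well.

```apache
# Added example, not from the thread. Ids 1-3 are placeholders; the GeoDB
# path is the one given in the earlier reply.
SecGeoLookupDb /opt/modsecurity/bin/GeoLiteCity.dat

# Populate the GEO collection from the client address on every request.
SecRule REMOTE_ADDR "@geoLookup" "id:1,phase:1,t:none,pass,nolog"

# Deny any multipart/form-data request (the encoding browsers use for file
# uploads) whose client IP did not resolve to Japan, whatever the URI.
# The header value is lowercased before the comparison.
SecRule GEO:COUNTRY_CODE3 "!@streq JPN" \
    "id:2,phase:1,t:none,log,deny,status:403,msg:'Upload from client IP not in Japan',chain"
    SecRule REQUEST_HEADERS:Content-Type "@contains multipart/form-data" "t:none,t:lowercase"

# Assumption: clients with no GeoDB entry are refused too. When the lookup
# fails, GEO:COUNTRY_CODE3 is unset and rule 2 has no target to test, so it
# does not fire; counting the variable covers that case explicitly.
SecRule &GEO:COUNTRY_CODE3 "@eq 0" \
    "id:3,phase:1,t:none,log,deny,status:403,msg:'Upload from client IP with no GeoDB entry',chain"
    SecRule REQUEST_HEADERS:Content-Type "@contains multipart/form-data" "t:none,t:lowercase"
```

These rules key on the form-upload encoding only, so request bodies sent with another Content-Type are outside their scope. Behind a reverse proxy REMOTE_ADDR is the proxy's address, and the lookup needs the real client IP to be meaningful.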
