Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Backport libMaxMinddb (new GeoIP) support to 2.9.x #1727
There is a milestone for the version 2.9.3 here:
We don't have an ETA for the release yet.
Is that anyone from the community that is willing to help with the development of this backport?
The implementation for v3 is here:
The logic is available only and only if ModSecurity was compiled with maxmind support.
MaxMind and GeoIp can co-exist. In that case, the choice [run time] is based on the specified database.
If you need, count with my support during the development.
referenced this issue
Apr 16, 2018
A standard use case is to protect certain parts of an application (-> path tree, typically the admin interface) via GeoIP and ModSecurity. This reduces your attack surface tremendously.
Other people assign different CRS anomaly thresholds based on GeoIP.
It is also very helpful to display the GeoIP country code next to the IP address in the combined access log. This works without a real format change as the position for 'logname' has been abandoned twenty years ago and it is unused every since. Putting the country code there with the help of an environment variable is very simple if you have GeoIP.
Yes, there is this user Marc Stern who had a solution:
@zimmerle thanks for this information.
for us this module is no option, because we run over 200 servers with modsecurity and complex proxy rules... there is no way to change the whole infrastructure.
thats why we choosed the way to monthly extract the information from GeoLite2-Country