Enable country blocking for WAF rule

I want to block China from /wp-admin for all my published websites (~200 of them), but the only options for site path routing are IP Host and Network.

How can I enable country blocking for WAF rules?

thanks

James



  • Hi James,

    Simply create a DROP action firewall rule at the top and block the country in the source network. Refer to SF: Configure Country Blocking.

    Thanks,

  • I'm not sure what you mean. Did you miss that I only want to block the /wp-admin path?

    James

  • Hi James,

    To block connections from different countries, my suggestion would be to create a Drop action Firewall Rule. Unfortunately, there is no option to block a specific country host for a site path. However, we can block clients with a bad reputation by enabling it in the Web Server | Protection Policies.

    What will be blocked?

    Enable this to block clients which have a bad reputation according to their classification, based on GeoIP and RBL information. Sophos uses the following classification providers: RBL sources:
     
    • Commtouch IP Reputation (ctipd.org)
    • http.dnsbl.sorbs.net
    The GeoIP source is Maxmind. The WAF blocks clients that belong to one of the following Maxmind categories:
     
    • A1: Anonymous proxies or VPN services used by clients to hide their IP address or their original geographical location.
    • A2: Satellite providers are ISPs that use satellites to provide Internet access to users all over the world, often from high-risk countries.
    Skip remote lookups for clients with a bad reputation (only applicable if Block clients with a bad reputation is enabled)
     
    Enable to use GeoIP-based classification which uses the cached information only and is therefore much faster. As reputation lookups include sending requests to remote classification providers, using reputation-based blocking may slow down your system.
     
    Thanks,
  • wp-admin suggests you're running WordPress sites. Have you looked at the WPS Hide Login plugin? This allows you to "move" the admin login path so that you can create a non-standard wp-admin login path so that anyone navigating to yourdomain.com/wp-admin will fail.

  • Hi NashBrydges,

    Instead of blocking IPs from China, you are able to block all and allow some IPs which you usually use.

    If all of your sites are protected by only one Sophos device, I think you should create a VPN connection to access the site path /wp-admin and block all IPs on the Internet. This is the best solution for you, just secure.

  • This doesn't seem to work currently.

    I tried this with version 18.0.

    I placed this "country blocking rule" on top of the WAF rules and blocked the "Europe continent" (includes Germany).

    But I am able to open WAF pages (I tried rebooting the XG too).