Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 2 answers
  • Subscribers 30 subscribers
  • Views 11154 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Enable country blocking for WAF rule

jamesharper

I want to block China from /wp-admin for all my published websites (~200 of), but the only options for site path routing are IP Host and Network.

How can I enable country blocking for WAF rules?

thanks

James



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to sachingurung

    I'm not sure what you mean. Did you miss that I only want to block /wp-admin path?

    James

  • 0 in reply to jamesharper

    Hi James,

    To block connections from different countries, my suggestion would be to create a Drop action Firewall Rule. Unfortunately, there is no option to block a specific country host for a site path. However, we can block clients with a bad reputation by enabling it in the Web Server | Protection Policies

    What will be blocked?

    Enable this to block clients which have a bad reputation according to their classification, based on GeoIPClosed and RBLClosed information. Sophos uses the following classification providers: RBL sources:
     
    • Commtouch IP Reputation (ctipd.org)
    • http.dnsbl.sorbs.net
    The GeoIP source is Maxmind. The WAF blocks clients that belong to one of the following Maxmind categories:
     
    • A1: Anonymous proxies or VPN services used by clients to hide their IP address or their original geographical location.
    • A2: Satellite providers are ISPs that use satellites to provide Internet access to users all over the world, often from high-risk countries.
    Skip remote lookups for clients with a bad reputation (only applicable if Block clients with a bad reputation is enabled)
     
    Enable to use GeoIP-based classification which uses the cached information only and is therefore much faster. As reputation lookups include sending requests to remote classification providers, using reputation-based blocking may slow down your system.
     
    Thanks,
  • 0 in reply to sachingurung

    Seems to don't work currently.

    I try this with version 18.0.

    I place this "country blocking rule" ontop of WAF rules and block "europe continent" (includes germany)

    But I am are able to open WAF-Pages (try to reboot XG too).