
Enable country blocking for WAF rule

I want to block China from /wp-admin for all my published websites (~200 of them), but the only options for site path routing are IP Host and Network.

How can I enable country blocking for WAF rules?

thanks

James



This thread was automatically locked due to age.
  • Hi James,

    Simply create a DROP action firewall rule at the top and block the country in the source network. Refer to SF: Configure Country Blocking.

    Thanks,

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • I'm not sure what you mean. Did you miss that I only want to block /wp-admin path?

    James

  • Hi James,

    To block connections from different countries, my suggestion would be to create a Drop action Firewall Rule. Unfortunately, there is no option to block a specific country host for a site path. However, we can block clients with a bad reputation by enabling it in the Web Server | Protection Policies.

    What will be blocked?

    Enable this to block clients which have a bad reputation according to their classification, based on GeoIP and RBL information. Sophos uses the following classification providers:

    RBL sources:
     
    • Commtouch IP Reputation (ctipd.org)
    • http.dnsbl.sorbs.net
    The GeoIP source is Maxmind. The WAF blocks clients that belong to one of the following Maxmind categories:
     
    • A1: Anonymous proxies or VPN services used by clients to hide their IP address or their original geographical location.
    • A2: Satellite providers are ISPs that use satellites to provide Internet access to users all over the world, often from high-risk countries.
    Skip remote lookups for clients with a bad reputation (only applicable if Block clients with a bad reputation is enabled)
     
    Enable to use GeoIP-based classification which uses the cached information only and is therefore much faster. As reputation lookups include sending requests to remote classification providers, using reputation-based blocking may slow down your system.
     
    Thanks,

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • It doesn't seem to work currently.

    I tried this with version 18.0.

    I placed this "country blocking rule" on top of the WAF rules and blocked "Europe continent" (includes Germany).

    But I am able to open WAF pages (I tried rebooting the XG too).


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Hi,

    Please take a look at this recent thread. It is under investigation with Sophos:
    https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/118893/geoip#pi2151=1

     
    SFVH (SFOS 19.5.1 MR-1-Build278)  - Last (re)boot on February 20 2023
    Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports
    [If any of my posts are helpful to you please use the 'Verify Answer' link]