We have a list of IPs that we want blocked. I currently have them blocked at the firewall. I would like to create a file that ModSecurity will read, and block those IPs. This is a pretty big list, as it has been created over a couple of years. Is there a way to do this with ModSecurity?

Seth
  • I came across this. Would it suffice? Obviously I need to create the blacklist.dat file. *********************************************************** SecAction phase:1,nolog,pass,\ setvar:TX.REMOTE_ADDR=/%{REMOTE_ADDR}/ ************************************************************************* SecRule "@pmFromFile blacklist.dat"\ "phase:1,log,block,msg:'IP address on blacklist'" – Seth May 18 '20 at 18:45
  • How would this be beneficial in comparison to blocking them at the firewall? – Esa Jokinen May 18 '20 at 20:28
  • I think I figured out the rule I need and got it to work. But we are moving to Azure, and the firewall option isn't there. You get an NSG and/or a WAF, so in that case it is better to make ModSecurity do the work; maintaining an NSG would not be possible or desirable. – Seth May 19 '20 at 16:47

0 Answers
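
The rule quoted in the comments wraps the client address in slashes before handing it to `@pmFromFile`, because that operator does phrase (substring) matching, so every line of blacklist.dat has to carry the same delimiters. The following is an added example, not code from this thread or from the ModSecurity project: it turns an exported IP list into such a file and models the match to show what goes wrong without the slashes. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# Constructed sample of a firewall export: duplicates, comments, a CIDR
# range and a typo, as a list maintained for years tends to contain.
SAMPLE = [
    "# constructed sample",
    "192.0.2.1",
    "203.0.113.7   # repeat offender",
    "192.0.2.1",
    "198.51.100.0/24",
    "not-an-ip",
    "2001:DB8::1",
    "",
]

def build_blacklist(raw_lines):
    """Return (entries, rejected); entries are de-duplicated '/ip/' phrases."""
    seen, rejected = set(), []
    for line in raw_lines:
        token = line.split("#", 1)[0].strip()   # drop comments and padding
        if not token:
            continue
        try:
            seen.add(ipaddress.ip_address(token))
        except ValueError:
            rejected.append(token)              # ranges, hostnames, typos
    ordered = sorted(seen, key=lambda ip: (ip.version, int(ip)))
    return [f"/{ip}/" for ip in ordered], rejected

def pm_match(phrases, value):
    """Model of @pm/@pmFromFile: case-insensitive substring search."""
    value = value.lower()
    return any(p.lower() in value for p in phrases)

def is_blocked(entries, remote_addr):
    """Mirror the rule pair: TX.REMOTE_ADDR=/%{REMOTE_ADDR}/, then the match."""
    return pm_match(entries, f"/{remote_addr}/")

if __name__ == "__main__":
    entries, rejected = build_blacklist(SAMPLE)
    print("\n".join(entries))                    # contents for blacklist.dat
    print("needs manual review:", rejected)
    # Without delimiters a listed 192.0.2.1 also catches 192.0.2.10.
    print("bare phrase false positive:", pm_match(["192.0.2.1"], "192.0.2.10"))
    print("delimited:", is_blocked(entries, "192.0.2.10"))
```

CIDR ranges end up in the rejected list because a phrase match cannot express them; ModSecurity's `@ipMatchFromFile` operator accepts addresses and ranges directly and needs no delimiters.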