I'm migrating from Apache 2.4 back to IIS 10. IIS does have a IP restriction interface but there is noway to GEO ban by country. Is there a similar module than Apache Maxmind Geo IP module for IIS? Also, what is the workflow (if any) to remotely add (by code) an entry to that IP list in the IP restriction interface?
Cheers
One option is to use ModSecurity, an open source, cross-platform web application firewall (WAF) module, as it has support for IIS. Download ModSecurity for IIS MSI Installer and follow Installation information for IIS for prerequisites and installation instructions.
When you have installed ModSecurity and configured it for your site, things works similarly in IIS, Apache and Nginx.
ModSecurity uses ModSecurity Rule Language for describing how to operate with HTTP transaction data. There are many things you could do with the "Swiss Army Knife" of WAFs, but you can use the GEO collection for
blocking a country, lets say North Korea
SecGeoLookupDb /usr/local/geo/data/GeoLiteCity.dat
SecRule REMOTE_ADDR "@geoLookup" "chain,id:20,drop,msg:'Block North Korea IP address'"
SecRule GEO:COUNTRY_CODE "@streq KP"
blocking anything outside the United Kingdom
SecGeoLookupDb /usr/local/geo/data/GeoLiteCity.dat
SecRule REMOTE_ADDR "@geoLookup" "chain,id:22,drop,msg:'Non-GB IP address'"
SecRule GEO:COUNTRY_CODE "!@streq GB"
for the rest you have already figured out the pattern and also able to read the Reference Manual.
