Blocking Japan with ModSecurity and Maxmind Lite


Accessibility is the magic word for today's blog. If you're lucky enough to run a website, then the whole world has access to it by default!

Now let's imagine that the website you're running is targeted at a geographically specific customer base such as the USA. You get up one morning and decide to take a look at your web analytics reports, and find that Japan is where the second largest volume of traffic is coming from. At which point, you might start thinking about restricting traffic from specific countries that would only waste bandwidth on your server.

This is where our WAF comes in. The Web Application Firewall is based on ModSecurity, an open source WAF for Apache, IIS, and Nginx that protects against a wide variety of attacks and allows for HTTP traffic monitoring and logging.

Update: A newer article on this topic is available here

A prerequisite for this guide is that you would already have the WAF configured with “Rule Engine traffic blocking” enabled on the Loadbalancer.org appliance.


You can follow page 161 of our Admin guide on how to do so.

You will also require the Maxmind database. Maxmind provide a free IP lookup database. The basic country database is free for personal and business usage providing you do not distribute it. Maxmind normally update their database monthly, so it is a good idea to download their updates regularly.

Loadbalancer has a redistribution licence for our customers to make the process easier for you. We also pre-package the database in an easy-to-use format for the ModSecurity WAF.

We've made it as simple as possible for our customers with this single command to download the latest Maxmind database:

mkdir -p /usr/local/geo/data; curl https://downloads.loadbalancer.org/geo/GeoIP.dat -o /usr/local/geo/data/GeoIP.dat

Once this is done you will need to navigate via the WUI to:

Cluster Configuration -> WAF - Manual Configuration


Select your WAF and apply the sample rule for ModSecurity to block traffic from Japan:

SecGeoLookupDb /usr/local/geo/data/GeoIP.dat
SecRule REMOTE_ADDR "@geoLookup" "chain,id:20,drop,msg:'Block Japan IP address'"
SecRule GEO:COUNTRY_CODE "@streq JP"

Update and reload the WAF.

In this example we used Japan, but you can find the full set of country codes on the Maxmind website.
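
For the regular database updates recommended earlier, here is an added example (not Loadbalancer.org's own script) of a cron-friendly updater: it downloads to a temporary file, rejects an empty, undersized or HTML response, and swaps the file in atomically so a failed download never replaces the working database. The URL and path are the article's; the MIN_BYTES threshold, the .bak copy, the function names and the --run switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: refresh GeoIP.dat without ever leaving a broken file in place.
GEO_URL="https://downloads.loadbalancer.org/geo/GeoIP.dat"  # URL from the article
GEO_DB="/usr/local/geo/data/GeoIP.dat"                      # path from the article
MIN_BYTES="${MIN_BYTES:-100000}"  # assumption: a real country database is larger

# validate_geo_db FILE: reject an empty, undersized or HTML file.
validate_geo_db() {
    [ -s "$1" ] || { echo "reject: $1 is missing or empty" >&2; return 1; }
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -ge "$MIN_BYTES" ] || { echo "reject: $1 is only $size bytes" >&2; return 1; }
    # A captive portal or error page saved as the database starts with markup.
    if head -c 64 "$1" | LC_ALL=C grep -qiE '<(!doctype|html)'; then
        echo "reject: $1 looks like an HTML page" >&2; return 1
    fi
    return 0
}

# install_geo_db NEW DEST: validate NEW, keep the old DEST as DEST.bak, swap atomically.
install_geo_db() {
    new=$1; dest=$2
    validate_geo_db "$new" || return 1
    if [ -f "$dest" ] && cmp -s "$new" "$dest"; then
        rm -f "$new"; echo "unchanged"; return 0
    fi
    if [ -f "$dest" ]; then cp -p "$dest" "$dest.bak"; fi
    chmod 644 "$new"       # mktemp creates the file 0600; the WAF must be able to read it
    mv -f "$new" "$dest"   # rename within one directory is atomic
    echo "updated"
}

# update_geo_db: download next to the live file (same filesystem), then install.
update_geo_db() {
    mkdir -p "$(dirname "$GEO_DB")"
    tmp=$(mktemp "$GEO_DB.XXXXXX") || return 1
    if curl -fsS --max-time 120 "$GEO_URL" -o "$tmp" && install_geo_db "$tmp" "$GEO_DB"; then
        return 0
    fi
    rm -f "$tmp"; return 1
}

# Run only when asked, e.g. from a monthly cron job: update-geoip.sh --run
if [ "${1:-}" = "--run" ]; then update_geo_db; fi
```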