0

How can I make a rule for mod security to only allow a specific IP database to access a file name? For example, I want to block any IP outside of Indonesia from accessing register.php.

Below is the rule to only block:

    SecRule REQUEST_HEADERS:User-Agent "@pmFromFile china_ip.txt" "id:999999,rev:1,severity:2,deny,log,msg:'Block China'"

Bad Wolf
  • 8,206
  • 4
  • 34
  • 44

1 Answer

0

I'm not a mod-security specialist, but I believe you may use a positive security model to deny access to all requests that don't fulfill specific rules.

In your case, you want first to check if the requested URI is register.php, and if the IP is from Indonesia then allow access. I think you may chain the two conditions - it would look something like this:

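    # Chain: the request is for register.php AND the client IP is in the Indonesia list.
    # The id, phase and disruptive action belong on the first rule of a chain.
    SecRule REQUEST_URI "@contains /register.php" "id:999999,phase:1,nolog,allow,chain"
        SecRule REMOTE_ADDR "@ipMatchFromFile indonesia_ip.txt"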

I have no way to test it right now, but I hope this serves as a hint of what to do.

Keep in mind though that there is no way to detect proxy-routed accesses, so IP-based blocks may only ward off direct connections.

OnoSendai
  • 3,960
  • 2
  • 22
  • 46
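
The allow-list behaviour asked for in the question, written as a deny-unless-listed rule. This is an added example, not code from either poster. It assumes ModSecurity 2.7 or later (for `@ipMatchFromFile`), a constructed rule id of 10001, and a file `indonesia_ip.txt` holding one address or CIDR range per line.

```apache
# Added example. The rule id and the file name are assumptions.
#
# Weak form, for comparison (left commented out):
#   SecRule REQUEST_HEADERS:User-Agent "@pmFromFile indonesia_ip.txt" ...
# It inspects a header the client controls, and @pmFromFile does
# substring phrase matching, so it never tests the connecting address
# against a network range.

# Corrected form: a two-rule chain that fires only when BOTH hold:
#   1. the requested path ends with /register.php
#   2. the client address is NOT in the allowed ranges
# The id, phase and the disruptive action sit on the first rule.
SecRule REQUEST_FILENAME "@endsWith /register.php" \
    "id:10001,phase:1,deny,status:403,log,\
    msg:'register.php requested from outside the allowed IP ranges',\
    chain"
    SecRule REMOTE_ADDR "!@ipMatchFromFile indonesia_ip.txt"
```

If ModSecurity runs behind a load balancer or reverse proxy, `REMOTE_ADDR` is that device's address, so the rule has to run where the original client address is visible.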