Enable country blocking for WAF rule

I want to block China from /wp-admin for all my published websites (~200 of them), but the only options for site path routing are IP Host and Network.

How can I enable country blocking for WAF rules?

Thanks

James



This thread was automatically locked due to age.
  • Hi James,

    Simply create a DROP action firewall rule at the top and block the country in the source network. Refer to SF: Configure Country Blocking.

    Thanks,

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • I'm not sure what you mean. Did you miss that I only want to block /wp-admin path?

    James

  • Hi James,

    To block connections from different countries, my suggestion would be to create a Drop action Firewall Rule. Unfortunately, there is no option to block a specific country host for a site path. However, we can block clients with a bad reputation by enabling it in the Web Server | Protection Policies.

    What will be blocked?

    Enable this to block clients which have a bad reputation according to their classification, based on GeoIP and RBL information. Sophos uses the following classification providers:

    RBL sources:

    • Commtouch IP Reputation (ctipd.org)
    • http.dnsbl.sorbs.net

    The GeoIP source is Maxmind. The WAF blocks clients that belong to one of the following Maxmind categories:

    • A1: Anonymous proxies or VPN services used by clients to hide their IP address or their original geographical location.
    • A2: Satellite providers are ISPs that use satellites to provide Internet access to users all over the world, often from high-risk countries.

    Skip remote lookups for clients with a bad reputation (only applicable if Block clients with a bad reputation is enabled)

    Enable to use GeoIP-based classification which uses the cached information only and is therefore much faster. As reputation lookups include sending requests to remote classification providers, using reputation-based blocking may slow down your system.

    Thanks,

    Sachin Gurung
    Team Lead | Sophos Technical Support
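
An added example (not Sophos code and not part of the posts above) modelling the reputation check the reply describes: the cached GeoIP category is checked first, then a remote RBL query is made unless remote lookups are skipped. The GeoIP cache, the sample addresses and the helper names are constructed for illustration; the query-name format (reversed IPv4 octets plus zone) is the standard DNSBL convention.

```python
import ipaddress
import socket

RBL_ZONES = ["http.dnsbl.sorbs.net"]   # RBL zone named in the reply
BLOCKED_GEOIP = {"A1", "A2"}           # MaxMind categories named in the reply
# Constructed sample cache: address -> GeoIP category or country code.
GEOIP_CACHE = {"198.51.100.7": "A1", "203.0.113.9": "CN"}


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)   # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """True if the name resolves (listed). NXDOMAIN or a failed lookup
    counts as not listed, so a resolver outage fails open."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False


def classify(ip, skip_remote_lookups, resolver=system_resolver):
    """Return (verdict, reason, remote_queries_made) for one client IP."""
    queries = 0
    category = GEOIP_CACHE.get(ip)
    if category in BLOCKED_GEOIP:      # local cache hit, no network needed
        return ("block", "geoip:" + category, queries)
    if not skip_remote_lookups:
        for zone in RBL_ZONES:         # each zone costs one DNS round trip
            queries += 1
            if resolver(dnsbl_name(ip, zone)):
                return ("block", "rbl:" + zone, queries)
    return ("allow", "no-match", queries)


if __name__ == "__main__":
    # Constructed resolver stub so the demo runs offline.
    listed = {dnsbl_name("192.0.2.44", "http.dnsbl.sorbs.net")}
    for ip in ("198.51.100.7", "192.0.2.44", "203.0.113.9"):
        for skip in (False, True):
            print(ip, "skip=%s" % skip,
                  classify(ip, skip, lambda name: name in listed))
```

In this model the client whose cached GeoIP value is an ordinary country code (`CN`) is allowed unless an RBL lists it, which is why reputation blocking does not substitute for the per-path country block asked about in the question.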
