Enable country blocking for WAF rule

Question

I want to block China from /wp-admin for all my published websites (~200 of), but the only options for site path routing are IP Host and Network. 
 How can I enable country blocking for WAF rules? 
 thanks 
 James

sachingurung · Answer

Hi James, 
 Simply create a DROP action firewall rule on the TOP and block the country in the source network. Refer to, SF: Configure Country Blocking! 
 Thanks,

sachingurung · Answer

Hi James, 
 To block connections from different countries, my suggestion would be to create a Drop action Firewall Rule. Unfortunately, there is no option to block a specific country host for a site path. However, we can block clients with a bad reputation by enabling it in the Web Server | Protection Policies . 
 What will be blocked? 
 Enable this to block clients which have a bad reputation according to their classification, based on GeoIPClosed and RBLClosed information. Sophos uses the following classification providers: RBL sources:

Commtouch IP Reputation (ctipd.org) 
 http.dnsbl.sorbs.net 
 
 The GeoIP source is Maxmind. The WAF blocks clients that belong to one of the following Maxmind categories:

A1: Anonymous proxies or VPN services used by clients to hide their IP address or their original geographical location. 
 A2: Satellite providers are ISPs that use satellites to provide Internet access to users all over the world, often from high-risk countries. 
 
 Skip remote lookups for clients with a bad reputation (only applicable if Block clients with a bad reputation is enabled) 
 
 Enable to use GeoIP-based classification which uses the cached information only and is therefore much faster. As reputation lookups include sending requests to remote classification providers, using reputation-based blocking may slow down your system. 
 
 Thanks,