Country Specific Firewall Rules

dave82 · May 19, 2022, 12:35am

I am setting up some firewall rules to limit excess traffic from spam bots in different countries.

We only need people from Australia and New Zealand to view our website, so I have implemented (ip.geoip.country ne “AU”) and (ip.geoip.country ne “NZ”)

Which has substantially reduced the amount of spam I am getting from bots.

However, we also use Malcare to manage our Wordpress security and plugins. Since limiting traffic to Au & NZ only, Malcare doesn’t appear to be scanning our site.

Is there a way I can add a rule to allow Malcare to acces the site?

Thanks

michael · May 20, 2022, 6:48pm

MalCare list their IP addresses on their site, so you need to add an expression to your firewall rule to exclude Malware. Something like the example below. I have also added Verified Bots, so that Google and such will be allowed index your site.

Firewall Rule

(not ip.src in {88.99.145.111 88.99.145.112 195.201.197.31 136.243.130.174 144.76.236.242 136.243.130.52 116.202.131.150 116.202.233.15 116.202.193.3 168.119.2.157 49.12.124.233 88.99.146.248 139.180.140.55 104.248.114.9 192.81.221.63 45.63.10.187 45.76.137.73 45.76.183.23 143.244.148.62 157.230.58.213 134.209.218.31 143.198.181.224 137.184.107.229 164.90.206.15 134.122.50.185 165.232.88.121 142.93.44.71 165.22.120.64 207.246.127.130 45.77.218.180 144.202.1.123 45.32.5.195 45.77.103.172 192.248.163.106 217.69.6.41 45.76.44.57 140.82.55.215 159.223.99.132 198.211.127.63 137.184.135.87 67.205.148.191 198.211.100.218 67.205.143.237 134.122.114.203 192.81.211.68 147.182.133.247 69.55.55.97 67.205.173.139 185.14.186.217 192.81.221.200 198.199.124.144 138.68.169.239 185.14.184.98 209.250.227.234 45.77.228.152 107.191.47.0 95.179.219.2 199.247.15.206 199.247.12.177 45.77.103.0 207.246.89.19 140.82.6.162 104.238.135.215 104.207.134.15 45.63.23.239 45.77.110.235 45.77.202.26 45.77.146.223 207.148.31.245 45.76.126.238 159.223.105.100 161.35.121.79 208.68.38.165 147.182.131.77 174.138.35.170 137.184.195.191 159.223.144.24 198.211.107.112 143.244.166.70 137.184.207.100 192.248.163.40 104.238.185.73 45.76.46.55 140.82.52.129 108.61.208.75 217.69.9.96 149.28.228.237 45.77.106.232 140.82.15.60 108.61.142.158 45.77.220.240} and not ip.geoip.country in {"AU" "NZ"} and not cf.client.bot)

There are nicer ways to do this, such as adding all the MalCare addresses to an IP List, and referencing that list in your firewall rule.

dave82 · May 22, 2022, 10:38pm

Thanks.

I’ll give that a go

system · June 6, 2022, 10:39pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.