Firewall Rules - GeoIP don't Work

Hello,

We have big problem with firewall rules.
All request mach work, but not GeoIP.

Rule to allow access URI wp-admin or wp-login.php when country is in Brazil, after other rule with denied access to wp-login and wp-admin for all countries does not equal Brazil
In overview, I can see allow for any countries.

If create first rules for denied access to country “is not in” or “does not equal” Brazil (try 2 machs), the access is denied for all countries, but to Brazil too.

My account have actived GeoIP.

Can help, please?

Can you post screenshots of your firewall rule list plus of the individual rules?

I edited 2nd rule without specific country for block.
Still not working.

This log is recent. Here I can see access from Ukraine, Russian, etc

The first rule will basically allow all requests for *wp-login.php*. Furthermore it will allow all requests for *wp-admin* which orignate from Brazil. Is this what you wanted?

Sure, because you first rule explicitly allows that.

So what is it you want? Block these URLs for all countries except Brazil?

Yes, that’s it.
The main thing is to deny from other countries

Sorry, my first rule explicitly allows wp-admin and wp-login ONLY from Brazil

It does not I am afraid. Your logical operators are wrong.

You are probably after

(http.request.uri.path eq "/wp-login.php" or http.request.uri.path contains "wp-admin") and ip.geoip.country ne "BR"

then block.

How fix?

Ehm, precisely what I already wrote.

My first rule already is
(http.request.uri.path eq “/wp-login.php” or http.request.uri.path contains “wp-admin”) and ip.geoip.country ne “BR” (Allow)
2nd rule
(http.request.uri contains “wp-login.php”) or (http.request.uri contains “wp-admin”) (Block)

Why any country have access?

No, your first rule is not anything like this.

Drop your first and second rule and create one only with the expression I posted above.

Change rule, now just this:
(http.request.uri contains “wp-login.php”) or (http.request.uri contains “wp-admin” and ip.geoip.country ne “BR”)

and, denied access from Brazil!

Again, that is not the rule I posted. Not even remotely.

My server is in Germany, but it is whitelisted already.

As long as you dont implement the rule properly you wont get it to work :wink:

Using
(http.request.uri.path eq “/wp-login.php” or http.request.uri.path contains “wp-admin”) and ip.geoip.country ne “BR”

and denied access from Brazil

(Sorry my user is blocked for new replys for 23 users)