Firewall Rules not working with 2 Geo Country?

Hello, I implemented a firewall rule for https://autovacbot.com.sg

I got this expression from runcloud blog, and it's working if I set 1 Country like below:

((http.request.uri.path contains "/xmlrpc.php") or (http.request.uri.path contains "/wp-login.php") or (http.request.uri.path contains "/wp-admin/" and not http.request.uri.path contains "/wp-admin/admin-ajax.php" and not http.request.uri.path contains "/wp-admin/theme-editor.php")) and ip.geoip.country ne "SG"

What I want to do now is to add another Country into the excluded list. I modified as so:
((http.request.uri.path contains "/xmlrpc.php") or (http.request.uri.path contains "/wp-login.php") or (http.request.uri.path contains "/wp-admin/" and not http.request.uri.path contains "/wp-admin/admin-ajax.php" and not http.request.uri.path contains "/wp-admin/theme-editor.php")) and ((ip.geoip.country ne "SG") or (ip.geoip.country ne "MY"))

After saving, whenever I tried to access wp-admin, I will still get the captcha. My IP originates from Malaysia.

I think my expression is built correctly but I'm not sure why it's not working.

And also the new hCaptcha is annoying to the max. Had to click so many images. Argh

Any advice on my issues is much appreciated

Instead of COUNTRY not equal, try the “Not In” list: (not ip.geoip.country in {"MY" "SG"})

I think the problem is the OR instead of AND. OR will flag everybody because they can’t be both. But I’d use the list feature, as it’s more compact and easier to add more countries.

ohmy, it works!! thank you so much!

1 Like
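
Why the `or` version challenged a visitor from Malaysia, shown as an added Python model of the rule's logic (not code from the thread, and not Cloudflare's evaluator). The function names and the sample country list are constructed for illustration; the paths and the three country clauses are the ones discussed above.

```python
# Added example: models the rule's boolean logic only.
PROTECTED = ("/xmlrpc.php", "/wp-login.php")
ADMIN_EXEMPT = ("/wp-admin/admin-ajax.php", "/wp-admin/theme-editor.php")


def path_matches(path):
    """Path half of the rule; `in` mirrors the substring test `contains`."""
    if any(p in path for p in PROTECTED):
        return True
    return "/wp-admin/" in path and not any(e in path for e in ADMIN_EXEMPT)


# Three ways of writing the country half of the rule.
GEO = {
    # Version that failed: no country equals both codes, so one `ne` is always true.
    "ne_or": lambda c: c != "SG" or c != "MY",
    # Same intent written with `and` (De Morgan: not (SG or MY)).
    "ne_and": lambda c: c != "SG" and c != "MY",
    # List form suggested in the reply.
    "not_in": lambda c: c not in {"MY", "SG"},
}


def challenged(path, country, variant):
    """True when the modelled rule would fire for this request."""
    return path_matches(path) and GEO[variant](country)


def challenged_countries(path, countries, variant):
    """Subset of `countries` that would be challenged on `path`."""
    return [c for c in countries if challenged(path, c, variant)]


# Constructed sample: two allowed countries and two others.
COUNTRIES = ["SG", "MY", "US", "DE"]

if __name__ == "__main__":
    for variant in GEO:
        print(variant, challenged_countries("/wp-admin/", COUNTRIES, variant))
    print("admin-ajax:", challenged_countries(
        "/wp-admin/admin-ajax.php", COUNTRIES, "not_in"))
```
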
