RFE: GEO support for ModSecurity


Well-Known Member
Please enable support for GEO based rules within ModSecurity as they are a very effective way of blocking threats.

[ERROR] [ModSecurity] unknown server variable while parsing: GEO:COUNTRY_CODE


LiteSpeed Staff
Should be available in 5.0.4 release now.
/usr/local/lsws/admin/misc/lsup.sh -f -v 5.0.4

You need to configure GeoIP stuff through LiteSpeed Web Console first; ModSecurity's GeoIP-related configuration does not work.


LiteSpeed Staff
"stuff" refers to SecGeoLookupDb configuration; it won't work with LiteSpeed. GeoIP DB must be set in LiteSpeed native configuration.


Well-Known Member
Hello mistwang,

Have upgraded to 5.0.4 and set up the LS native GeoIP DB in the control panel. No hits yet, which has made me suspicious of whether it is working or not, so I have switched on debugging and see:

error_log:2015-08-05 12:55:00.116 [DEBUG] [/etc/httpd/modsecurity.d/innovot.conf:3] processing direcitve: SecRule REMOTE_ADDR "@geoLookup" "phase:1,chain,id:999999,pass,msg:'INNOVOT WAF Rules - Blocking Wordpress Login Attempt by Country Code'".
error_log:2015-08-05 12:55:00.116 [DEBUG] [/etc/httpd/modsecurity.d/innovot.conf:4] processing direcitve: SecRule GEO:COUNTRY_CODE "@pm BR BY CN RU KZ UA".

then to perform the block we use the following stanza:

<LocationMatch /wp-login.php>
<IfModule mod_security2.c>
SecRuleUpdateActionById 999999 "chain,deny,log,status:403"
</IfModule>
</LocationMatch>

Can you see anything wrong with the configuration, please? Thank you.


LiteSpeed Staff
LiteSpeed does not support "SecRuleUpdateActionById". Just move that rule to <LocationMatch /wp-login.php> ...</LocationMatch>

You can turn on ModSecurity debug logging with "SecDebugLogLevel 9" to find out what happened.
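
The rule from the thread written directly inside the LocationMatch block, with the blocking actions on the chain starter instead of SecRuleUpdateActionById. This is an added example, not part of the original posts; it assumes the GeoIP DB is already set in the LiteSpeed Web Console and that LiteSpeed applies the chain the way ModSecurity does.

```apache
# Added example built from the directives quoted in the thread.
# Assumption: GeoIP DB is configured in LiteSpeed's native settings,
# so no SecGeoLookupDb directive appears here.
<LocationMatch /wp-login.php>
    # Chain starter: performs the GeoIP lookup on the client address and
    # carries the id, msg and the disruptive action (deny with 403) for the
    # whole chain. The original "pass" is replaced by "deny" here because
    # SecRuleUpdateActionById is not available to change it afterwards.
    SecRule REMOTE_ADDR "@geoLookup" \
        "phase:1,chain,id:999999,deny,log,status:403,msg:'INNOVOT WAF Rules - Blocking Wordpress Login Attempt by Country Code'"
    # Second link: the chain only matches when the looked-up country code
    # is one of the listed values.
    SecRule GEO:COUNTRY_CODE "@pm BR BY CN RU KZ UA"
</LocationMatch>

# Temporary, as suggested in the reply above: verbose rule-processing
# detail while confirming that rule 999999 fires. Lower it afterwards.
SecDebugLogLevel 9
```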