Country Code (CC) in custom regex ?

Posted: 10 Mar 2023, 08:21
by jmginer
Hello, is it possible to read the country code in the custom regex?

In my case, I want to block xmlrpc attacks from all countries except Spain.

Will something like this run?


if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) and ($cc != ES) \/xmlrpc\.php.*" /)) {
return ("xmlrpc attack",$1,"xmlrpc","20","80,443","3600");
}

Thanks!

Re: Country Code (CC) in custom regex ?

Posted: 16 Mar 2023, 16:12
by Sergio
Unfortunately you didn't write a log line to check your rule.
But you can check if your rule is working using regex101.com.

Sergio
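
Added example (not part of the original thread, and not csf's own code): a stand-alone Perl script that checks a rule of this kind against sample log lines, as suggested above. Everything between the slashes of a Perl match is pattern text, so the country test is written here as a separate condition. The log lines, the `country_of` helper and its lookup table are constructed for illustration, and the `$globlogs` log-file check from the post is omitted so the script runs on its own.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed Apache combined-format log lines (documentation IP ranges).
my @lines = (
    '203.0.113.7 - - [10/Mar/2023:08:21:00 +0100] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
    '198.51.100.9 - - [10/Mar/2023:08:21:05 +0100] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
    '198.51.100.9 - - [10/Mar/2023:08:21:09 +0100] "GET /index.php HTTP/1.1" 200 512 "-" "-"',
);

# Hypothetical stand-in for a GeoIP lookup; the table is constructed.
# An address that is not in the table yields '' and is treated as non-ES.
my %cc_table = ('203.0.113.7' => 'ES', '198.51.100.9' => 'FR');

sub country_of {
    my ($ip) = @_;
    return $cc_table{$ip} // '';
}

# The regex only describes the request line. The country comparison is
# ordinary Perl outside the pattern and uses the string operator "eq".
sub check_line {
    my ($line) = @_;
    if ($line =~ /^(\S+).*\] "\w*(?:GET|POST) \/xmlrpc\.php.*" /) {
        my $ip = $1;
        return if country_of($ip) eq 'ES';    # exempt Spain
        # Same return list as in the post.
        return ("xmlrpc attack", $ip, "xmlrpc", "20", "80,443", "3600");
    }
    return;    # not an xmlrpc.php request
}

# Show which sample lines would trigger the rule.
for my $line (@lines) {
    my @hit = check_line($line);
    printf "%-6s %s\n", (@hit ? "BLOCK" : "skip"), (split ' ', $line)[0];
}
```

With the constructed data, only the xmlrpc.php request from 198.51.100.9 is reported as a block; the Spanish address and the index.php request are skipped.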