content/waf/policies/geolocation.md
+20 -10 (20 additions & 10 deletions)
@@ -12,18 +12,30 @@ nd-content-type: reference
12
12
nd-product: NAP-WAF
13
13
---
14
14
15
+
This topic describes the geolocation feature for F5 WAF for NGINX.
16
+
15
17
Geolocation refers to the process of assessing or determining the geographic location of an object. This feature helps in identifying the geographic location of a client or web application user.
16
18
17
-
In F5 WAF for NGINX, the Enforcer will look up the client IP address in the Geolocation file included in the app protect package, and extract the corresponding [ISO 3166](https://www.iso.org/obp/ui/#search) two-letter code, representing the country. For instance, "IL" denotes Israel. This information is denoted as "geolocation" in the condition and is also included in the request reporting.
19
+
The Enforcer will look up the client IP address in the Geolocation file included in the F5 WAF for NGINX, and extract the corresponding [ISO 3166](https://www.iso.org/obp/ui/#search) two-letter code, representing the country.
20
+
21
+
For instance, "IL" denotes Israel. This information is denoted as "geolocation" in the condition and reported in the request..
22
+
23
+
Applications protected by F5 WAF for NGINX can use geolocation enforcement to restrict or allow application use in specific countries. You can adjust the lists of which countries or locations are allowed or disallowed with a security policy.
24
+
25
+
If the user tries to access the web application from a location that is not allowed, the `VIOL_GEOLOCATION` violation will be triggered.
18
26
19
-
For applications protected by app protect, you can use Geolocation enforcement to restrict or allow application use in specific countries. You can adjust the lists of which countries or locations are allowed or disallowed in a app protect security policy. If the user tries to access the web application from a location that is not allowed, the `VIOL_GEOLOCATION` violation will be triggered. By default, all locations are allowed, and the alarm and block flags are enabled.
27
+
By default, all locations are allowed, and the alarm and block flags are enabled.
20
28
21
-
Requests from certain locations, such as RFC-1918 addresses or unassigned global addresses, do not include a valid country code. The geolocation is shown as **N/A** in both the request and the list of geolocations. You have the option to disallow N/A requests whose country of origination is unknown.
29
+
Requests from certain locations, such as RFC-1918 addresses or unassigned global addresses, do not include a valid country code.
22
30
23
-
For example, in the policy provided below, within the "disallowed-geolocations" section, "countryCode": IL and "countryName": Israel have been included. This signifies that requests originating from these locations will raise an alarm, trigger the `VIOL_GEOLOCATION` violation and will be blocked.
31
+
The geolocation is shown as _N/A_ in both the request and the list of geolocations. You can disallow N/A requests whose country of origination is unknown.
24
32
33
+
In the follow policy example, _"countryCode": IL_ and _"countryName": Israel_ have been included within the _"disallowed-geolocations"_ section.
25
34
26
-
```shell
35
+
This indicates that requests originating from these locations should raise an alarm, trigger the `VIOL_GEOLOCATION` violation and be blocked.
36
+
37
+
38
+
```json
27
39
"general": {
28
40
"customXffHeaders": [],
29
41
"trustXff": true
@@ -46,13 +58,11 @@ For example, in the policy provided below, within the "disallowed-geolocations"
46
58
47
59
```
48
60
49
-
The below example represents a security policy for a web application. The policy named as "override_rule_example" is based on a template called "POLICY_TEMPLATE_NGINX_BASE." The policy is set to operate in "blocking" mode, which means it will prevent certain activities.
50
-
51
-
There's a specific configuration under "general" that deals with custom headers for cross-origin requests, specifically the "xff" header. The policy is configured to trust this header.
61
+
The next example represents a security policy override for a web application. The policy is named "_override_rule_example_" and is based on a template called "_POLICY_TEMPLATE_NGINX_BASE_".
52
62
53
-
In the "override-rules" section there is one override rule named "myFirstRule." This rule is set up to trigger when the geolocation of a request is identified as 'IL' (Israel). When this condition is met, the action taken is to extend the policy, but with a change in enforcement mode to "transparent."
63
+
The policy is set to operate in _blocking mode_, which means it will prevent certain activities. The policy is configured to trust headers configured under _general_ that deal with custom headers for cross-origin requests, specifically the _xff_ header.
54
64
55
-
In simpler terms, when someone tries to access the web application from Israel ('IL'), the security policy will be adjusted to allow the access but in a more transparent manner, meaning it won't block the access but may monitor it differently.
65
+
In the "_override-rules_" section there is one override rule named "_myFirstRule_". This rule is configured to trigger when the geolocation of a request is identified as 'IL' (Israel). When this condition is met, the action taken is to extend the policy, but with a change in enforcement mode to "transparent."
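Review bot: The added paragraph beginning "The policy is set to operate in _blocking mode_" still describes the _xff_ header as one of the "custom headers for cross-origin requests", carried over from the removed text; XFF is X-Forwarded-For, which conveys the originating client address through proxies and is unrelated to cross-origin requests. Suggest rewording to say that the policy trusts the X-Forwarded-For header via the trustXff setting under _general_, and splitting the sentence, since "configured to trust headers configured under" repeats itself. The hunk also deletes the "In simpler terms" paragraph, which was the only place that stated a request from 'IL' is not blocked under the override; keep one sentence saying what "transparent" means for enforcement so readers do not assume the rule blocks. Minor style point: the new lines mix quoted italics ("_override-rules_", "_myFirstRule_") with bare italics (_general_, _xff_) and a plain quoted "transparent."; pick one convention for setting names and values.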