<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div style="-webkit-text-size-adjust: auto;"><br></div><div style="-webkit-text-size-adjust: auto;"><br>On 16 sep 2014, at 23:27, Eoin Miller <<a href="mailto:eoin.miller@trojanedbinaries.com">eoin.miller@trojanedbinaries.com</a>> wrote:<br><br></div><blockquote type="cite" style="-webkit-text-size-adjust: auto;"><div>
  
    <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
  
  
    <div class="moz-cite-prefix">On 9/16/14 7:15 PM, <a href="http://Mesra.net">Mesra.net</a> CEO
      wrote:<br>
    </div>
    <blockquote cite="mid:7C374D57F757470DAFBAEAB5988D0928@UserPC" type="cite">
      <div dir="ltr">
        <div style="FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR:
          #000000">
          <div>Dear All,</div>
          <div> </div>
          <div>My Suricata 2.0.3 compile with libgeoip, so I’m looking a
            rules to DROP any access out of Japan to wp-login.php file,
            so how to go about it?</div>
          <div> </div>
        </div>
      </div>
    </blockquote>
    <br></div></blockquote><div style="-webkit-text-size-adjust: auto;"><br></div><div style="-webkit-text-size-adjust: auto;">Some geoip info -</div><div><span style="-webkit-text-size-adjust: auto;"><a href="https://redmine.openinfosecfoundation.org/projects/suricata/wiki/GeoIP">https://redmine.openinfosecfoundation.org/projects/suricata/wiki/GeoIP</a></span></div><div><span style="-webkit-text-size-adjust: auto;">The rule example in the link  above is not optimal for your case though.</span></div><div style="-webkit-text-size-adjust: auto;"><br></div><div style="-webkit-text-size-adjust: auto;"><br></div><br><blockquote type="cite" style="-webkit-text-size-adjust: auto;"><div>
    Handle it in the webserver.<br>
    <br>
    <a class="moz-txt-link-freetext" href="http://dev.maxmind.com/geoip/legacy/mod_geoip2/">http://dev.maxmind.com/geoip/legacy/mod_geoip2/</a><br>
    <br>
    -- Eoin<br>
  

</div></blockquote><blockquote type="cite" style="-webkit-text-size-adjust: auto;"><div><span>_______________________________________________</span><br><span>Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a></span><br><span>Site: <a href="http://suricata-ids.org">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/">http://suricata-ids.org/support/</a></span><br><span>List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a></span><br><span>OISF: <a href="http://www.openinfosecfoundation.org/">http://www.openinfosecfoundation.org/</a></span></div></blockquote></body></html>