owasp-modsecurity / ModSecurity-nginx

ModSecurity v3 Nginx Connector
Apache License 2.0

GeoIP databases in ingress-nginx without maxmind GeoIP2 #312

Closed chlynott closed 1 year ago

chlynott commented 1 year ago

Is it possible to use ModSecurity to block/accept traffic based on a database other than the MaxMind GeoIP GeoIP2 databases?
We are looking to use the ModSecurity module in Nginx ingresses using an annotation to allow or block traffic based on country codes to our e-commerce sites. This is the current annotation we are using to test:

nginx.ingress.kubernetes.io/enable-modsecurity: 'true'
nginx.ingress.kubernetes.io/modsecurity-snippet: |
      SecRuleEngine On
      SecRequestBodyAccess On
      SecAuditEngine RelevantOnly
      SecAuditLogParts ABIFHJKZ
      SecAuditLog /var/log/modsec_audit.log
      SecGeoLookupDb /etc/nginx/geoip/GeoIP.dat
      SecRule REMOTE_ADDR "@geoLookup" "chain,id:22,log,drop,msg:'InvalidIP'"
      SecRule GEO:COUNTRY_CODE "@pm US"

I have not come across any documentation that shows the use of any other GeoIP type database and am wondering if it's even possible.

Azure Kubernetes version: 1.26.0
ingress-nginx helm version: 4.5.2
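To see what the chained rule in the snippet above actually does, here is an added simulation (example code, not from the issue or from ModSecurity itself) of ModSecurity's chain, @geoLookup and @pm semantics against a constructed IP-to-country table standing in for the database named by SecGeoLookupDb. It also covers the negated variant (`!@pm US`) and an address that is missing from the database.

```python
"""Simulate ModSecurity's evaluation of the two-rule geo chain.

Added example; the IP-to-country table is constructed for illustration and
stands in for the GeoIP database referenced by SecGeoLookupDb.
"""

# Constructed stand-in for the GeoIP database (REMOTE_ADDR -> ISO country code).
GEO_DB = {
    "198.51.100.7": "US",
    "203.0.113.9": "DE",
    "192.0.2.44": "US",
}


def geo_lookup(remote_addr):
    """@geoLookup: fills GEO:COUNTRY_CODE. Returns None when the lookup fails,
    which in ModSecurity means the operator does not match."""
    return GEO_DB.get(remote_addr)


def pm_match(value, phrases):
    """@pm: case-insensitive phrase match anywhere in the input string."""
    upper = value.upper()
    return any(phrase.upper() in upper for phrase in phrases)


def evaluate_chain(remote_addr, country_phrases, negate=False):
    """Evaluate `SecRule REMOTE_ADDR "@geoLookup" "chain,...,drop"` followed by
    `SecRule GEO:COUNTRY_CODE "@pm <phrases>"` (or "!@pm" when negate=True).

    In a chain the disruptive action (drop) is declared on the first rule but
    only fires when every rule in the chain matches. Returns "drop" or "pass".
    """
    country = geo_lookup(remote_addr)
    if country is None:
        # Rule 1 did not match: the chain ends here and the request passes,
        # even for an allowlist written with "!@pm".
        return "pass"
    matched = pm_match(country, country_phrases)
    if negate:
        matched = not matched
    return "drop" if matched else "pass"


if __name__ == "__main__":
    # As written in the snippet ("@pm US"): US addresses are the ones dropped.
    print(evaluate_chain("198.51.100.7", ["US"]))                # drop
    # Negated form ("!@pm US"): only non-US addresses are dropped.
    print(evaluate_chain("203.0.113.9", ["US"], negate=True))    # drop
    print(evaluate_chain("10.0.0.1", ["US"], negate=True))       # pass (no geo data)
```

The last case is the one to watch when building a country allowlist this way: an address the database cannot resolve never reaches the second rule, so it is not dropped.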

martinhsv commented 1 year ago

Hello @chlynott ,

The maxmind/GeoIP interface is what is directly supported in ModSecurity.

Using some other data source could be possible but would require some work on your part and would have some disadvantages (such as performance).

The current description above does not include a reason for not using GeoIP, but an earlier edit suggested concern about licensing costs. Note that there is a free version available -- it comes with a caveat about being less accurate but I've never heard significant concerns about the country code accuracy in that data source.