Trying to use the below rule to match IPs that do not geo locate to the US or Canada. The below rule is matching all US IPs instead. I know the add-on works.
What am I doing wrong here?
event: UserLoggedIn
metadata_rules:
op: or
rules:
- op: is
not: true
path: event/country/iso_code
value: US
case sensitive: false
- op: is
not: true
path: event/country/iso_code
value: CA
case sensitive: false
op: lookup
path: event/ActorIpAddress
resource: lcr://api/ip-geo
This is a classic boolean logic issue. You need and, not or.
Your current rule reads: “match if country is NOT US OR country is NOT CA.” For a US IP:
- NOT US → false
- NOT CA → true
- or → true (matches, because it’s not CA)
Every IP will match at least one of the two negated conditions, so or matches everything.
Fix: Change op: or to op: and:
metadata_rules:
op: and
rules:
- op: is
not: true
path: event/country/iso_code
value: US
case sensitive: false
- op: is
not: true
path: event/country/iso_code
value: CA
case sensitive: false
Now it reads: “match if country is NOT US AND country is NOT CA” — which is what you want. A US IP fails the first check, so the whole and is false. Only IPs outside both US and CA will match.
This is De Morgan’s Law: NOT(US or CA) = NOT US AND NOT CA.
Thank you for taking the time to explain in detail! It seems so obvious now…