We added the @ipMatch operator to v2.6.0 to more accurately handle IP
While this is certainly an improvement (vs. using regex), I agree with
your point that we still need a mechanism that combines both @ipMatch and
@pmf so that you can list a large number of addresses.
I have created a Jira ticket for this new feature -
Another related issue is that external files (called up from say @pmf) are
loaded into memory at startup. This is done for performance reasons,
however you highlight its downside. We will look to add a mechanism so
that ModSecurity can check for updated external files and then re-read
that data into memory.
In the meantime, I would suggest that you possibly look at leveraging your
own DNS RBL and even a "Real-time White List" where you can add in IP
addresses that you want to either whitelist or blacklist. With this
setup, you could then use the @rbl checks to dynamically check the IP
On 5/18/11 1:35 PM, "Phoenix Kiula" <phoenix.kiula@...> wrote:
>> Yes, IIRC the patterns of that file are merged into a prefix-tree to
>> the lookup. This should be done at Apache startup time.
>Thanks. But in this case, I am a bit disappointed, because every time
>we add to a file, we need to restart Apache? If we were using this
>for, say, a blacklist file -- how do we make sure that we keep adding
>to the blacklist without restarting Apache every time?
>Thanks for any pointers!
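The reply's suggestion of running your own DNS RBL, checked from ModSecurity with @rbl, works because the list lives in a DNS zone rather than in a file loaded at Apache startup: adding a record to the zone takes effect on the next lookup with no restart. The following added example (written for this page, not code from the post or from the ModSecurity project) shows the lookup mechanism such an RBL uses: reverse the IPv4 octets, append the zone name, and treat an A-record answer inside 127.0.0.0/8 as "listed". The zone name bl.example.internal and the in-memory resolver are constructed for the example so it runs offline; the system_resolver function shows where a real DNS query would go.

```python
"""
Added example (not from the mailing-list post or the ModSecurity project):
how a DNS-based block list (RBL) lookup works, the mechanism behind a
self-hosted list queried with ModSecurity's @rbl operator.

Assumptions (constructed for this example):
  * a hypothetical private zone "bl.example.internal" holds the list
  * a fake in-memory resolver stands in for real DNS so the code runs offline
"""
import ipaddress
import socket
from typing import Callable, Dict, Optional

Resolver = Callable[[str], Optional[str]]


def rbl_query_name(ip: str, zone: str) -> str:
    """Build the RBL query name: reversed octets + zone, e.g. 4.3.2.1.zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def rbl_lookup(ip: str, zone: str, resolve: Resolver) -> Optional[str]:
    """Return the 127.0.0.x answer if the IP is listed, otherwise None.

    An RBL encodes membership as an A record inside 127.0.0.0/8; NXDOMAIN
    (the resolver returning None) means "not listed". An answer outside
    127.0.0.0/8 is also treated as unlisted, so a wildcard or hijacked DNS
    zone cannot silently list every client.
    """
    answer = resolve(rbl_query_name(ip, zone))
    if answer is None:
        return None
    if ipaddress.IPv4Address(answer) not in ipaddress.IPv4Network("127.0.0.0/8"):
        return None
    return answer


def system_resolver(name: str) -> Optional[str]:
    """Real DNS lookup through the OS resolver (not used in the offline demo)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


# Constructed in-memory zone. Adding an entry here corresponds to adding a
# record to your own RBL zone; the consumer picks it up on its next query.
ZONE = "bl.example.internal"
FAKE_ZONE: Dict[str, str] = {}


def fake_resolver(name: str) -> Optional[str]:
    """Stand-in for DNS: answers only for names present in FAKE_ZONE."""
    return FAKE_ZONE.get(name)


def blacklist(ip: str, code: str = "127.0.0.2") -> None:
    """List an address in the constructed zone with a 127.0.0.x return code."""
    FAKE_ZONE[rbl_query_name(ip, ZONE)] = code


def is_blocked(ip: str) -> bool:
    """True if the address is currently listed in the constructed zone."""
    return rbl_lookup(ip, ZONE, fake_resolver) is not None


if __name__ == "__main__":
    print(rbl_query_name("203.0.113.7", ZONE))  # 7.113.0.203.bl.example.internal
    print(is_blocked("203.0.113.7"))            # False
    blacklist("203.0.113.7")                    # no restart of anything needed
    print(is_blocked("203.0.113.7"))            # True
```

On the ModSecurity side the same check is a rule of the form `SecRule REMOTE_ADDR "@rbl bl.example.internal" ...`, and the zone name is the only thing the rule set needs to know; the membership data stays in DNS, which is why the list can be updated without touching Apache. The 127.0.0.0/8 check matters in practice: a list served from a zone that stops resolving, or one behind a wildcard record, should fail toward "not listed" rather than blocking every visitor.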